Multisignature accounts on Namada
Multisignature accounts (multisigs) are accounts on Namada that allow for multiple signers. There are many benefits to multisignature accounts, including but not limited to:
- Increased security
- Ability to share wallets
- Better recovery options
For this reason, all established accounts on Namada are multisignature accounts by default.
A multisignature account can be described as an "x of y" account, where x is the 'threshold' or required number of signatures on a transaction and y is the total number of keys associated with the account. For example, a 3 of 5 multisig will need at least three of the parties to sign any transaction.
Example: Initialising a multisignature account
Here is the process to generate a 2 of 3 multisig account:
Create three signing keys
Assuming we have three parties -- Alice, Bob, and Charlie -- on the multisig, they each need to first generate their keypairs.
namadaw gen --alias alice
namadaw gen --alias bob
namadaw gen --alias charlie
Fund an implicit account for transaction fees
Recall from the section on established accounts that we will need to provide an implicit account to
sign and to pay the gas costs of the init-account
transaction. This can be any account you own, whether or not it's party to the multisig.
In this example, Alice will cover the transaction fees and we'll assume she already has sufficient NAM in her account.
Init-account
The init-account
transaction is no different from a typical established account, except for threshold and number of public keys associated.
(In fact, a typical established account is simply a 1 of 1 multisig.)
The --signing-keys
flag indicates that Alice is signing and paying fees for this transaction.
namadac init-account --alias abc-multisig\
--public-keys alice,bob,charlie --threshold 2 \
--signing-keys alice
Submitting a multisignature transaction
A multisignature transaction requires that an offline transaction first be constructed so that it can be signed by each required party before being submitted to the chain.
Dump the raw tx
The --dump-tx
argument will write the transaction to disk. A folder is required to be specified where the transaction will be dumped.
mkdir tx_dumps
namadac transfer --source abc-multisig --target $TARGET \
--token nam --amount 2 \
--signing-keys alice \
--dump-tx --output-folder-path tx_dumps
# Example output:
Transaction serialized to tx_dumps/FC2955C6B252EF6E93B1B54923B2178A7DC47E06D27448A43426487DF4BAD0E3.tx.
Sign the transaction with two of the three Keys
This command will sign the transaction with Alice's key. Afterwards, repeat the command using Bob's key.
cd tx_dumps
namadac sign-tx \
--tx-path FC2955C6B252EF6E93B1B54923B2178A7DC47E06D27448A43426487DF4BAD0E3.tx \
--signing-keys alice \
--owner abc-multisig
You should have created two new files -- one with Alice's signature and one with Bob's.
# contents of tx_dumps directory
FC2955C6B252EF6E93B1B54923B2178A7DC47E06D27448A43426487DF4BAD0E3.tx
offline_signature_FC2955C6B252EF6E93B1B54923B2178A7DC47E06D27448A43426487DF4BAD0E3_tpknam1qpnpmq2mpxaag9e0xcczgc0w66pzaxvpnhysjsm8h5tgmajgvunwck67w5j.tx
offline_signature_FC2955C6B252EF6E93B1B54923B2178A7DC47E06D27448A43426487DF4BAD0E3_tpknam1qqjnwcwpjy09ty4v0z6jwpkr04m3q2h0dgr6j62dfs4g6q6l4dk5yy5we05.tx
To make things easier in the next step, we'll save these filenames to the shell variables TX
, SIG1
and SIG2
.
Submit transaction on-chain
Since we have enough signatures to meet the threshold of this account, we can submit the transaction. Note that we need to specify an implicit account that will pay the transaction fees.
namadac tx \
--tx-path $TX \
--signatures $SIG1 $SIG2 \
--owner abc-multisig \
--gas-payer alice
Note the lack of commas used in the --signatures
argument.
Changing the multisig threshold or associated keys
It is possible to change the multisig threshold of an existing account. This can be done by submitting a valid update-account
transaction.
For example, to change the threshold on our multisig to 1:
namadac update-account \
--address abc-multisig \
--public-keys alice,bob,charlie \
--threshold 1 \
--signing-keys alice,bob
Note: you must include both the threshold and the list of public keys to be associated with this account, even if there is no change to one of those values.
Updating an account's threshold or public keys requires submitting a valid transaction meeting the existing requirements -- the update-account
transaction is no different from any other transaction in that regard. Therefore, you may need to follow the steps described in the previous section to first dump the update-account
transaction
to a file and collect the required signatures.
Querying the threshold and public keys of an account
One can check that the threshold has been updated correctly by running:
namadac query-account \
--owner abc-multisig
This will list the threshold and all associated public keys of an account.
A video tutorial
Skip all the boring reading and watch a video tutorial instead!