Multisig - the RSK way

By Sr. Software Engineer Antonio Morrone

July 23, 2021

Announcing RIF Multisig!

What does multisig mean?

The term "multisig" stands for "multi-signature" and it's used to describe accounts associated with more than one private key. The account is created with a list of owners and a policy `m-out-of-n` when transactions are approved by at least m owners, they can be executed.

In blockchain each transaction involves the usage of public-key signature; each blockchain participant owns a private/public key pair. The participants use the private keys to sign a transaction and all other participants can verify that signature using the signer's public key.

With a multisig account, each transaction requires the signature of many accounts before being executed. One participant (who is among the multisig account owners) can start the transaction, but only when the other owners approve that transaction, it will be executed.

Why?

The multisig account eliminates the single point of failure in case of attacks and it allows the implementation of a variety of use cases where one or many parties are involved. Here below some examples.

• Redundancy: if a user loses the key, the funds are not lost because the other keys can still be used.
• 2FA (two-factor authentication): a single user can have both a web wallet and a mobile wallet associated with a multisig account, policy 2-of-2.
• Departments approval: two departments must approve each transaction before being published, policy 2-of-2.
• Parents' saving account: a kid can spend money only with the approval of either parent.

RIF Multisig

The RIF Multisig offers all of the features of Gnosis Safe + additional SDK methods, bringing the multisig solution to RSK and the Bitcoin ecosystem in a seamless way for the first time. It also helps to bring the DeFi for Bitcoin experience in line with Ethereum on security and UX. Developers can integrate the open source solution with support from the RSK Apps & Services team.

RSK solution architecture

• Libraries:
  • @gnosis.pm/safe-core-sdk - it provides the core functionalities required to interact with a Safe
  • @rsksmart/safe-factory-sdk - it allows the creation of a Safe account without UI interaction
  • @rsksmart/safe-transactions-sdk - it facilitates the transaction creation (raw transactions, ERC20 transactions, and rejections)
  • @gnosis.pm/safe-service-client (still in alpha version as of June 2021): it facilitates the interaction with Safe Transaction Service API
• Smart contracts:
  • Gnosis Safe Contracts
• Rest API:
  • Safe transaction service: it collects all the multisig information using trace_transaction and trace_blocks. Furthermore, it allows collecting off-chain signatures and retrieving multisig pending transactions.
• Repository:
  • Node sample app

Visit the DevPortal to learn more and get started! You can also get support from the RIF Identity team through the Open Slack.