Accounts that require two or more keys to sign a transaction (requiring a certain permission), commonly referred to as multisignature accounts, are generally used to store funds securely and are without a doubt a very exciting EOS feature. But how do multisignature accounts work, how do you sign transactions with different keys and how can you set up a multisignature account yourself? We will explain all aspects of multisignature accounts on EOS in this article.
Structure of a default EOS account
Before we start explaining multisignature accounts it is important to understand (the structure of) default EOS accounts first. If you would like to fully understand EOS accounts, read our comprehensive guide here. If you would only like to learn about the default structure of an EOS account, read the explanation below.
Every user has one or more accounts on the EOS blockchain. EOS accounts are human-readable identifiers that are stored on the blockchain and they are required to push any (valid) transaction to the EOS blockchain.
EOS accounts are 12 characters long and can contain the letters a-z and the digits 1–5. These account names replace the long and clumsy wallet addresses that are used in most cryptocurrencies.
Furthermore, every EOS account has permissions. Permissions can be seen as requirements which need to be fulfilled in order for a transaction to go through. Each permission has certain actions associated with it. A default EOS account has 2 native permissions:
- Owner: shows ownership of the account and is needed to make any changes to the ownership the account. The key for this permission is best kept (safely) offline, as it is not needed to do most things on the EOS network.
- Active: used for transferring funds, voting for producers and making other high-level account changes.
Besides these 2 native permissions you can create new, custom, permissions that fit your needs.
Each permission has one key associated with it. Each key associated with a permission has a certain weight, and each permission has a certain weight threshold which needs to be met before a transaction requiring that permission is accepted.
To help you understand all of this information we have included the above image, which visualizes the permissions structure of a default EOS account. As you can see, the owner permission has a default threshold of 1, and 1 key with a weight of 1 associated with it. The same goes for the active permission which has a default threshold of 1, and 1 key with a weight of 1 associated with it. This means that only the (private) key associated with the owner or active permission is required to perform any transaction requiring the owner or active permission.
The (private) key associated with the owner permission is often referred to as the owner key, whereas the (private) key associated with the active permission is often referred to as the active key.
How multisignature EOS accounts work
Now you are familiar with (the structure of) default EOS accounts, it’s time to learn about multisignature EOS accounts. Multisignature EOS accounts function similar to default EOS accounts, the main difference between the two is the permissions structure. In a default EOS account all permissions have a threshold of 1 and only have 1 key with a weight of 1 associated with it, whereas the permissions in a multisignature EOS account have a threshold of 2 or higher and have multiple keys with (possibly) varying weights associated with them. This also means that multiple keys will have to sign any transaction from the multisignature EOS account.
An example of a possible permissions structure in a multisignature EOS account can be seen in the image above. Just like the default account described earlier, this account has both the owner and active permission.
However, the owner permission in this multisignature account has a threshold of 3 and has 3 keys associated with it: The active key from John’s account, which has a weight of 2, the active key from Bob’s account, which has a weight of 1 and the active key from Stacy’s account, which also has a weight of 1. This means that to execute any transaction requiring the owner permission both John’s active key and either Bob’s or Stacy’s active key would have to sign the transaction before it is executed.
The active permission in this multisignature account has a threshold of 2 and has 3 keys associated with it. The active key from John’s account, which has a weight of 1, the active key from Bob’s account, which has a weight of 1 and the active key from Stacy’s account, which also has a weight of 1. This means that to execute any transaction requiring the active permission (any combination) of 2 of the active keys would have to sign the transaction before it is executed.
Creating a multisignature EOS account
Now you are familiar with how multisignature accounts it’s time to learn how to create a multisignature account yourself. Before you are able to create a multisignature account, you need to create a default EOS account first, which you will then turn into a multisignature account. If you do not have an account yet, you can follow our guide on how to create one here. Once you have an account, you can continue.
Keep in mind that changing the permissions structure of your account might render your account inaccessible and unrecoverable, proceed with caution.
In this example we will create an account which can be shared with a friend. It will have the following permissions structure:
In this example the owner permission has a threshold of 2 and has 2 keys with a weight of 1 associated with it The active key of your own account and the active key of your friend’s account. This means that in order to perform any transaction requiring the owner permission both you and your friend would have to sign the transaction with the active key before it is executed.
The active permission has a threshold of 1 and has 2 keys with a weight of 1 associated with it. The active key of your own account and the active key of your friend’s account. This means that in order to perform any transaction requiring the active permission either you or your friend would have to sign the transaction with the active key before it is executed.
Let’s start updating the permissions structure to turn this account into a multisignature account. We will be using EOSToolkit for this tutorial. Navigate to the ‘Advanced Permissions’ page which you can find here. Then connect the account you are going to update by clicking ‘Attach Account’ on the top left and verify the connection using Scatter.
We will first update the active permission, fill in the blanks using the correct information and click ‘Update’ after, then sign the transaction using Scatter. Feel free to use any permissions structure you like, just make sure you are very careful.
After you are done updating the active permission it is time to update the owner permission. Fill in the correct information again and click “Update”.
To verify everything has worked you can view the permissions structure of you account in a block explorer like bloks.io by going to the “Keys” section of the page of your account.
Creating, signing and pushing multisignature transactions
Now you have succesfully created a multisignature account you can start creating, signing and pushing your first multisignature transactions. We will explain the whole process. To start go to EOSToolkit, make sure your account is connected and switch to “Multisig Mode” by clicking on the “Singlesig Mode” button in the menu on the left.
Creating a multisignature transaction
In this example we will create a token transfer transaction. To do so go to the “Transfer Tokens” tab in the menu on the left.
Fill in the correct information in the blanks and click “Send”. The sender account will be automatically filled in. After clicking “Send” you will automatically get prompted to the “Create Transaction” page, where we will create the transaction.
Fill in the correct information in the blanks. You will have to use the active permission as the transfer action requires the active permission. After you have filled in the information click “Create JSON”, sign the transaction and download the JSON file.
Signing a multisignature transaction
After succesfully creating the transaction it’s time to sign it with the required accounts. Go to the “Sign Transaction” page, make sure the right Scatter account is connected and load the transaction JSON file you just created. After doing so click “Sign Transaction”, sign the transaction and download the signature JSON file.
After you have signed the transaction make sure all other (necessary) parties sign the transaction and collect the signatures. To do so send them the JSON file of the transaction (not the signature JSON file you just downloaded. In this example you could immediately push the transaction as the threshold for the active permission has been met, but usually others would have to sign the transaction first.
Pushing a multisignature transaction
After everyone has signed the transaction it is time to collect the signatures and submit the transaction to the network. To do so go to the “Push Transaction” page.
Start by loading the transaction JSON file and add in all signature files afterwards. After you have done so click “Push Transaction” and verify the submission.
If everything went well the transaction goes through and you have created, signed and pushed your first multisignature transaction, congratulations!
Founding block producer for the EOS mainnet. Block producer for the BOS mainnet. WAX Guild candidate. Partner in the Europechain sister chain. Investor in blockchain projects. Governance, intercultural cooperation and security specialist. You can find us here:
EOS Block Producer name: eosamsterdam
BOS Block Producer name: amsterdambos
WAX Guild name: amsterdamwax