Account model, Wallet model and Security on the DEX part 2 of 2 (MultiSig)

in #bitshares7 years ago

Continuing on from my previous article, today we're going to dicsuss MultiSig schemes in BitShares for added security and/or flexibility.

You can find the previous article here: https://steemit.com/bitshares/@clockwork/account-model-wallet-model-and-security-on-the-dex-part-1-of-2

Like any self-respecting blockchain, BitShares allows you to set up M-of-N multi-sig schemes. i.e. An account can have N owners and at least M of which have to sign a proposed transaction in order for it to go through.

That way, you can have accounts/wallets held in different locations/devices with credentials secured in different ways meaning a single compromised account will not be able to spend/steal funds.

BitShares however goes a step further and introduces the concepts of user-controlled weights and threshold.

Each owner added to an account can be assigned a different weight, while the account itself is assigned a threshold which is the number that the summed weights of the signers must reach in order for a transaction to execute.

Default settings are for each owner to be assigned a weight of 1 with the threshold for the account set at 1.
Thus, any one of the owners can freely execute transactions by themselves.

A simple 2-of-3 multi-sig scheme would be achieved by having 3 owners, each with a weight of 1 and the threshold set at 2.

Now, let's consider the case where we have 3 people owning an account with one being the "primary" owner and the other 2 being "secondary" owners. We want the primary owner to be able to freely spend and execute transactions on the account, and the secondary owners to be able to execute a transaction only if both of them agree or if the primary owner agrees as well.

In that case, the threshold would be set at 2 with the primary owner having a weight of 2 this time (so he can execute transactions freely) and the secondary owners having a weight of 1.

If you consider the fact that an account can have an arbitrary number of owners, each of which can also have an arbitrary number of owners themselves, very complex and flexible permission schemes can be set up.

This is especially suited to company/organisation accounts where you could have permissions set up for any scenario.

For example set up a scheme where a transaction could only go through if:

a) the CEO authorises it

or

b) the CFO and at least 1 board member authorise it

or

c) the tech-team and at least 2 board members authorise it (where the tech-team would require authorisation from the majority of tech-team members first)

etc.

Another security-oriented scheme would be one where you set yourself to have a weight just under the required threshold to complete a transaction and assign the weight needed to reach the threshold to many friends while their total still remains under the threshold.

Thus, if your account get compromised, your funds are safe and you also can regain access to them at any time as long as at least 1 of your friends signs off on the transaction. At the same time, your friends cannot conspire to steal your funds.

e.g. set your account's weight to 49 and the threshold at 50, while assigning a weight of 1 to up to 49 friends' accounts.

Hope that explains a few more things about what BitShares is capable of.

Sort:  

Very knowledgable and rep of 5, that raises my interest :-)
Best part of DEX is also worst part, mistakes not allowed, nobody can help you, i learned the lesson hardcore. I like what you describe here, it could be used to have little verification by somebody who is more experienced too. Thanks, i am still curious about the rep 5 though :-)

I've posted a total of 4 articles... 3 educational...all upvoted nicely...

my very first one though was against what I consider a fraudulent ICO...whale downvoted me to hell...

I am very stubborn though and didn't want to create a new account...I'll just raise this one through hard work.

Strong will and mentality, nice, will follow and try to help in your come back story, i see you went up to 6 already :-)

it was 3 just two days ago :P

I assume the same can be done by cloud accounts. I have been skittish about fiddling with it, but noticed I can import users with different weights to them.

The blockchain itself does not make a distinction between wallet/account types. The "cloud" account is essentially a UI "shortcut" to allow you to use a single account without carrying a wallet file.

That's what I thought. It was just your wording that made me think there is a difference in respect to multisig. It is an area I should play around with.

How can we implement this methodology to enable password recovery also?

First things first. There is no such thing as password recovery. Only way to regain access to an account you've lost keys for or locked them and can't decrypt them is to set new keys for the account. This would require Owner key access.

So my first thought would be auto-setting an extra owner-key belonging to a trusted account that would handle such requests by resetting keys...

Not sure thats a very good idea though.

However, since steemit has done it, I guess we only have to look at their code (steemit only uses the equivalent of "cloud" accounts though...not wallets)

I have seen that there are wallets with multi-users on it, but did not know how it works.

Btw, would be nice to have some screenshots with examples on how to actually do it on wallet. One image is worth 1000 of words. 😉

I decided against it because the DEX has no "fixed" frontend and although bitshares.org, openledger, cryptobridge, rudex etc. are all very similar, there are enough differences to confuse people more.

So I decided in favour of explaining the concepts and processes as best as I could. This way, I expect people will be able to figure it out in their chosen UI once they understand the concept.