警告:您可能成为了企图假冒本网站内容的目标。 我们检测到该网站被IFRAME包裹,这意味着与EOS Canada无关的人试图向您展示他们的内容与我们的内容相关,可能为了让您相信他们与EOS Canada有关。 我们与任何试图这样做的组织都没有联系,它也没有受到我们的认可



WARNING: you may have been the target of an attempt to misrepresent the content of this site. We detected that the site was wrapped in an IFRAME, which means that someone else, not associated with EOS Canada, attempted to show you their content combined in some way with ours, possibly to make you believe they are associated with EOS Canada. We are not associated with, and do not endorse, any organization attempting to do this.
background-flotant-top-right-01

Blog: EOS Block Producer Tips & News

background-flotant-top-left-01

Q&A - eosio.msig What Does Multi-Sig Do On An EOS Blockchain?

August 08, 2018 / by Alexandre Bourget

Alexandre gives an introduction to why multi-signature (msig) signing is a useful and powerful feature of the EOS blockchain that we should all know about. It helps to make things easier AND more secure.
Still have more questions? Join us on Telegram
https://t.me/EOSCanada

 Transcription:

So today we're going to talk about msig. About the eosio.msig account; multi signature.

Let's picture this. You're going out to the park and you want to gather signatures for a petition. So you have one sheet of paper, and then you go to the people, you walk to them, and then you say "write your name here." And you gather the signatures. So that's very good, but you need to walk, and you need to have a single piece of paper.

In the EOS world, let's say we want to have a transaction be signed by multiple parties. So what you can do, is you can  craft the transaction and then you put it on a USB key. So it's just a JSON file that says transfer from Alice to Bob a million bucks, whatever. And let's say that requires two signatures, because both the mother and father of Alice needs to sign, or something like that.

And so you'll take that JSON file, put it on a USB key, you'll bring that to the computer of Alice's mom and you'll say "please sign this." And you can take her signature - it's just a string of text there - and you can put it inside the USB key on the transaction, whatever stitch it there. And then you can walk to her father's computer and  say "please sign that transaction" (a million dollars remember) and then you'll collect that second transaction.

But that's really annoying, right? It's really physical, or you could do that by email. Send the transaction by email and copy/paste, and bring it back, it's all a little bit annoying. The msig contract allows you to do that on chain. You can take that transaction, you can send it to the msig contract, it's going to save the transaction on the blockchain, and you can require a few permissions to be gathered around. So you could say "I want those two persons to sign" and then you'll send them sort of a link, or whatever a pointer, to that proposed transaction. It's going to be under your namespace, and then it can go, and they can sign a transaction. They're going to say "I approve of that remote transaction." That's what's on chain.

And once you've gathered sufficient signatures, or approvals, anyone - you or whoever - can  submit that transaction to the blockchain to be executed. This is a nice feature of the chain. It's just one contract.

Some of you clever people might have noticed that msig is a privileged account. So the truth is that the signatures are not gathered on chain, but only the approvals. The signatures  are just discarded. And the way the contract is laid out is it saves the fact that this person gave its approval. And once approvals are given, the msig contract is able to execute the transaction without checking the signatures at that point. And because of the way the code is laid out, that's legit. And privileged accounts allow you to do that.

I've heard people  say "oh the msig allows you to impersonate and sign things on behalf of others." This is not true. The way that msig contract is laid out does not allow you to do that. There's something called SUDO that's in the works that could allow you to do impersonation. But msig on its own is a general purpose and a generic way for you to submit transactions to the chain and have other people from the comfort of their homes sign your transaction and approve it.

So I think it's a great security feature. I think it's also a great feature of EOS. The fact that we have that as a native contract is a great feature of the chain.

Topics: Education, EOS.IO blockchain, Video, msig, multi signature

Alexandre Bourget

Written by Alexandre Bourget

Alexandre lives through technology. He wrote his first botnet at 12, later graduated in classical piano and went on to a prolific career in software engineering, with notable open source contributions. Alexandre co-founded two startups, including Bitcredits (a bitcoin payments processor, FounderFuel 2014 Spring Cohort). He then helped PasswordBox (acquired by Intel) craft their data stack and ended up as a lead Data Scientist in the Intel Security Consumer division. Today, Alexandre is very active in the blockchain space, advising several early stage companies. Alexandre taught programming for many years. He does live-coding presentations like no one else (Confoo, PyCon conferences) and is the lead organizer of Golang Montréal. You’ll often find him on Telegram, working through lines of code and bugs with others, doing what he can to help build the EOS community.

Apply to Access Our Newsletter

Get exclusive insights into EOS blockchain technology