Auth-key & Multi-Ed25519
Aptos supports native multi-signer authentication. In this design doc, we use this native multi-signer implementation to build the multi-sig feature (for the reasons, see 3.1).
auth_key = sha3-256(p_1 | . . . | p_n | K | 0x01)
The auth key defines a multi-sig wallet address that needs to collect K of the n signatures to execute a transaction. MSafe adopts this implementation and builds the product on top of it with some minor changes.
For MSafe, an additional dummy public key is added to serve as a nonce for wallet creation.
For example, Alice, Bob, and Charlie want to create a 2/3 multi-sig wallet, and their public keys are denoted p_a, p_b, and p_c. Thus the first wallet created by the three is
auth_key = sha3-256(p_a | p_b | p_c | 0x00...0 | 2 | 0x01)
Note that in this expression, 4 public keys are provided: three from the users and one assigned by the system. 2 out of the 4 signatures are required to send a transaction. Since the private key of 0x00...0 can never be obtained, as a premise of cryptography, this is equivalent to a 2/3 multi-sig wallet created by Alice, Bob, and Charlie.
If these three users want to create another multi-sig key, the public key provided by the system is incremented by 1 (the nonce is stored in the MSafe creation module for the first owner, p_a). E.g.
auth_key = sha3-256(p_a | p_b | p_c | 0x00...1 | 2 | 0x01)
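The derivation above can be recomputed offline to check a wallet address before funding it. The following is an added example, not MSafe's or Aptos's own code. It assumes 32-byte Ed25519 public keys, a one-byte threshold K, a limit of 32 keys, and that the dummy key 0x00...1 is the nonce written as a 32-byte big-endian integer; the function names and the owner keys are constructed for illustration.

```python
import hashlib

PK_LEN = 32      # an Ed25519 public key is 32 bytes
SCHEME = 0x01    # trailing byte in the auth_key formula
MAX_KEYS = 32    # assumed Aptos limit on keys in one Multi-Ed25519 key


def nonce_key(nonce: int) -> bytes:
    """System-assigned dummy key 0x00...<nonce>.

    Assumption: the nonce is the big-endian integer value of the 32 bytes.
    """
    return nonce.to_bytes(PK_LEN, "big")


def msafe_auth_key(owner_keys, threshold, nonce):
    """sha3-256(p_1 | ... | p_n | dummy | K | 0x01) for an MSafe-style wallet."""
    keys = list(owner_keys) + [nonce_key(nonce)]
    if any(len(k) != PK_LEN for k in keys):
        raise ValueError("every public key must be 32 bytes")
    if len(keys) > MAX_KEYS:
        raise ValueError("too many keys for Multi-Ed25519")
    # The dummy key can never sign, so K must be reachable by real owners alone.
    if not 1 <= threshold <= len(owner_keys):
        raise ValueError("threshold must be between 1 and the number of owners")
    preimage = b"".join(keys) + bytes([threshold, SCHEME])
    return hashlib.sha3_256(preimage).digest()


# Constructed placeholder keys (not real Ed25519 points), for hashing only.
P_A, P_B, P_C = (bytes([b]) * PK_LEN for b in (0xA1, 0xB2, 0xC3))


def demo():
    first = msafe_auth_key([P_A, P_B, P_C], threshold=2, nonce=0)
    second = msafe_auth_key([P_A, P_B, P_C], threshold=2, nonce=1)
    reordered = msafe_auth_key([P_B, P_A, P_C], threshold=2, nonce=0)
    return first, second, reordered


if __name__ == "__main__":
    for label, key in zip(("nonce 0", "nonce 1", "reordered"), demo()):
        print(f"{label:10s} 0x{key.hex()}")
```

Owner order is part of the hashed preimage, so anyone recomputing a wallet address must list the keys in the same order that was used at creation.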