Auth-key & Multi-Ed25519
Aptos support native multi-signer authentication. In this design doc, we would use the native implementation of a multi-signer to implement the multi-sig feature. (Reasons, see 3.1).
auth_key = sha3-256(p_1 | . . . | p_n | K | 0x01)
The auth key defines a multi-sig wallet address that needs to collect
K
out of n
signatures to execute the transaction. MSafe adopt this implementation and build the product on top of it with some minor changes.For MSafe, an additional dummy public key is added to serve as a nonce for wallet creation.
For example, Alice, Bob, and Charlie want to create a 2/3 multi-sig wallet, and each of them has a public address annotated as
p_a
, p_b
, p_c
. Thus the first wallet created by the three isauth_key = sha3-256(p_a | p_b | p_c | 0x00...0 | 2 | 0x01)
Note that in this expression, 4 public keys are provided - three from the users, and one assigned by the system. 2 out of the 4 signatures are required to send a transaction. Since the private key of
0x00...0
can never be achieved as a premise of cryptography, it is equivalent to a 2/3 multi-sig wallet created by Alice, Bob, and Charlie.If these three users want to create another multi-sig key, the public key provided by the system will be incremented by 1 (The nonce in MSafe creation module stored for the first owner, p_a). E.g.
auth_key = sha3-256(p_a | p_b | p_c | 0x00...1 | 2 | 0x01)
Last modified 4mo ago