Auth-key & Multi-Ed25519

Aptos supports native multi-signer authentication. In this design doc, we use the native multi-signer implementation to build the multi-sig feature (for the reasons, see 3.1).

According to the Aptos documentation, the multi-key authentication key is defined as follows:

auth_key = sha3-256(p_1 | ... | p_n | K | 0x01)

The auth key defines a multi-sig wallet address that needs to collect K out of n signatures to execute a transaction. MSafe adopts this implementation and builds the product on top of it with some minor changes.

For MSafe, an additional dummy public key is added to serve as a nonce for wallet creation.

For example, Alice, Bob, and Charlie want to create a 2/3 multi-sig wallet, and each of them has a public key denoted p_a, p_b, p_c. The first wallet created by the three is therefore

auth_key = sha3-256(p_a | p_b | p_c | 0x00...0 | 2 | 0x01)

Note that this expression contains 4 public keys: three from the users and one assigned by the system. 2 out of the 4 signatures are required to send a transaction. Since the private key of 0x00...0 can never be obtained, which is a basic premise of the cryptography, the wallet is equivalent to a 2/3 multi-sig wallet created by Alice, Bob, and Charlie.

If these three users want to create another multi-sig key, the public key provided by the system is incremented by 1 (the nonce is stored in the MSafe creation module for the first owner, p_a). For example:

auth_key = sha3-256(p_a | p_b | p_c | 0x00...1 | 2 | 0x01)
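
The formulas above can be recomputed independently, so a signer can check that a displayed wallet address really derives from the expected owners, threshold and nonce. The following is an added example, not MSafe's or Aptos's own code: the function names and sample keys are constructed, and it assumes the nonce key is a 32-byte big-endian counter and that the wallet address is the auth key in hex.

```python
import hashlib

PUBKEY_LEN = 32           # Ed25519 public key size in bytes
MAX_KEYS = 32             # Aptos MultiEd25519 accepts at most 32 keys
SCHEME_MULTI_ED25519 = b"\x01"

def nonce_key(nonce: int) -> bytes:
    # Assumption: 0x00...0, 0x00...1 on the page are a 32-byte big-endian counter.
    return nonce.to_bytes(PUBKEY_LEN, "big")

def msafe_auth_key(owners: list[bytes], threshold: int, nonce: int) -> bytes:
    """sha3-256(p_1 | ... | p_n | nonce_key | K | 0x01), owners in creation order."""
    if any(len(p) != PUBKEY_LEN for p in owners):
        raise ValueError("every owner key must be 32 bytes")
    if len(set(owners)) != len(owners):
        raise ValueError("duplicate owner key")  # added sanity check
    if len(owners) + 1 > MAX_KEYS:
        raise ValueError("owners plus the nonce key exceed 32 keys")
    # The nonce key can never sign, so K must be reachable by real owners alone.
    if not 1 <= threshold <= len(owners):
        raise ValueError("threshold must be between 1 and the number of owners")
    preimage = b"".join(owners) + nonce_key(nonce) + bytes([threshold]) + SCHEME_MULTI_ED25519
    return hashlib.sha3_256(preimage).digest()

def address_matches(address_hex: str, owners: list[bytes], threshold: int, nonce: int) -> bool:
    """True if a displayed wallet address derives from the expected owners, K and nonce."""
    shown = bytes.fromhex(address_hex.removeprefix("0x"))
    return shown == msafe_auth_key(owners, threshold, nonce)

# Constructed sample keys (placeholders for p_a, p_b, p_c; not real key material).
P_A, P_B, P_C = (bytes([b]) * PUBKEY_LEN for b in (0xA1, 0xB2, 0xC3))

if __name__ == "__main__":
    first = msafe_auth_key([P_A, P_B, P_C], 2, 0)
    second = msafe_auth_key([P_A, P_B, P_C], 2, 1)
    print("wallet 1:", "0x" + first.hex())
    print("wallet 2:", "0x" + second.hex())
    print("verified:", address_matches("0x" + first.hex(), [P_A, P_B, P_C], 2, 0))
```

Owner order is part of the preimage, so the same three keys in a different order yield a different auth key, and a threshold above the number of real owners is rejected because the nonce key can never contribute a signature.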
