Multisig

Multisig (multi-signature) accounts enhance security and decentralization by requiring multiple signatures to approve transactions. A multisig account in LagomChain is a special type of account that requires multiple private keys to sign transactions before they are considered valid.

Multisig accounts are useful for:

• Enhancing security by distributing signing authority.

• Enforcing multi-party approvals for transactions.

• Reducing risks of a single point of failure.

How Multisig Works

A multisig account is defined by:

1. Threshold – The minimum number of required signatures.

2. Public Keys – The set of keys that can sign transactions.

Each transaction must be signed individually by the specified keys. Once the required number of signatures is collected, they are combined into a multi-signature to authorize the transaction. If fewer than the threshold signatures are present, the transaction is invalid.

Creating a Multisig Account

Step 1: Generate a Multisig Key

Use the following command to create a multisig key:

lagomd keys add --multisig=name1,name2,name3[...] --multisig-threshold=K new_multisig_key

• K is the minimum number of required signatures.

• --multisig specifies the public keys that will be combined.

• new_multisig_key is the name of the new multisig account.

Example:

lagomd keys add --multisig=p1,p2,p3 --multisig-threshold=2 multisig_wallet

This command creates a multisig account that requires two out of three (2/3) signatures.

Multisig addresses can also be generated on-the-fly using:

lagomd keys show --multisig-threshold=K name1 name2 name3 [...]

Signing a Multisig Transaction

Step 1: Create the Multisig Key

Assume that three users (test1, test2, and test3) want to create a multisig account.

1. First, import the public key of test3 into the keyring:

lagomd keys add test3 --pubkey=<public_key>

1. Generate the multisig key with a 2/3 threshold:

lagomd keys add multi --multisig=test1,test2,test3 --multisig-threshold=2

1. Verify the multisig account:

lagomd keys show multi

1. Add tokens to the multisig wallet:

lagomd tx bank send test1 multi 10000000000000000000alagom --chain-id=lagom_986-1 --gas=auto --fees=1000000alagom --broadcast-mode=block

Step 2: Create an Unsigned Transaction

To send 5 LAGOM from the multisig account to another address:

lagomd tx bank send \
    lagom1recipientaddress \
    multi \
    5000000000000000000alagom \
    --gas=200000 \
    --fees=1000000alagom \
    --chain-id=lagom_986-1 \
    --generate-only > unsignedTx.json

This creates an unsigned transaction file (unsignedTx.json).

Step 3: Sign Individually

Each signer (test1 and test2) must sign the transaction separately.

Sign with test1:

lagomd tx sign \
    unsignedTx.json \
    --multisig=multi \
    --from=test1 \
    --output-document=test1sig.json \
    --chain-id=lagom_986-1

Sign with test2:

lagomd tx sign \
    unsignedTx.json \
    --multisig=multi \
    --from=test2 \
    --output-document=test2sig.json \
    --chain-id=lagom_986-1

Step 4: Combine Multisignatures

Now, combine the individual signatures into a final multisig transaction:

lagomd tx multisign \
    unsignedTx.json \
    multi \
    test1sig.json test2sig.json \
    --output-document=signedTx.json \
    --chain-id=lagom_986-1

This produces the final signed transaction file (signedTx.json), which contains the required threshold signatures.

Step 5: Broadcast the Multisig Transaction

To broadcast the fully signed transaction:

lagomd tx broadcast signedTx.json --chain-id=lagom_986-1 --broadcast-mode=block

Once broadcasted, the transaction will be processed and recorded on the LagomChain blockchain.

Summary of Multisig Commands

Security Considerations

• Private keys should never be shared. Each participant must sign transactions independently.

• Ensure the correct threshold is set to prevent unwanted transactions.

• Backup your multisig key and participants' public keys to avoid losing access.