Thank you Jabo for initially writing this guide.
Multi-signature accounts are a powerful tool to have at your disposal but you need to use this tool with caution. Some important things to point out are:
- Once you convert an account to a multi-signature account, you can no longer initiate transactions from that account. All transactions from the multi-signature account must be initiated by one of the cosignatories. This can be thought of as a parent/child relationship. The account(s) that are signers are parent accounts and the account that has been turned into a multisig account is a child account. The parent accounts have full custodial control over the child account, and the child account no longer has any control over its funds.
- NEM's current implementation of multisig is "M-of-N", meaning M can be any number equal to or less than N, i.e., 1-of-4, 2-of-3, 4-of-9, 11-of-12 and so on. NEM also allows "N-of-N" accounts, i.e., 1-of-1, 2-of-2, 5-of-5, 10-of-10 and so on. With N-of-N accounts transaction have to have all N cosignatories sign the account, but to edit the singers on the account it is "N-1", meaning for example, if you create an account with 3 cosignatories only 2 signers are necessary to delete or change the third signature - hence N-1 (3 being "N" in the above example).
- You can create multi-signature accounts with up to 64 signatories. But beware, if more than 1 key gets lost this would currently result in the permanent loss of access to the funds held by the multi-signature account.
If you don't want to use any existing addresses as cosignatories, you can just create new accounts.
When starting to use NEM, it is possible that you only have one account in your NEM wallet. If so you will need to go ahead and create at least one more account. This account will be the account that initiates the multisignature account creation. You will also need a set of account numbers that you will also want to add to be additional signers.
If you need to create a new account then on the top left of your screen next to your account address you can see a gear icon, please click there and choose the option “Create New Account”.
In the upcoming window please enter a private label and your wallet password and click "Create". You can create as many new accounts as you want to be cosignatories.
The account that is converted to a multi-signature account loses its ability to send transactions by itself. One of the cosignatory's accounts has to initiate the transaction.
In the picture above Duncan Idaho has decided to make his account a multisig account. So next he will open up another account. That account is called "Leto A" for the purpose of this tutorial, and will be a cosigner on the account. Again, by clicking Duncan “Convert to multisig” Duncan knows that the his original account will lose all power to send XEM and now only the cosignatories' accounts like Leto will have power and will be able to send transactions.
Once inside the new Leto account, Duncan finds a small gear icon next to the account name and number and click on it. A dropdown menu appears and then we can click on "Convert other account to multisig".
Step 2) Converting an account to multisig
First under the text box labeled "Multisig account". We need to pick the account named "Duncan Idaho".
He then adds all the people he wants to be cosigners on the account. Including himself, this will be a 5-of-5 multisig account.
Lady Jessica - TD5JO2-PBUH2S-Z3ECRR-O4XECI-4U2JQN-QJOO2Y-YWV5
Thufir Hawat - TD34VV-RIBR35-F6O536-QYGOOM-CS6F67-L35Q22-O22N
Chani - TC46UN-75KBAL-6QEEAB-EKREZC-Z7J7PD-5JZPJM-XWK3
Dr. Kynes - TBDCUQ-ZIJD4L-KX3ZPY-XEMONS-B62TJI-E4XMMQ-YVUE
NEM recognizes the labels of these accounts if they have been saved in the address book before.
Once that is done click "Convert". If all goes correctly your will see a confirmation screen.
Congratulations. You have created a multisig account on NEM.
When we view any of the accounts associated with Ducan's account, we can now see some special symbols next to the accounts. A yellow paper clip means it is a multisig account. A green M with a plus sign means a transaction came in from a multisig account. A grey M with indicates and account is pending, and a red M indicates that a transaction was sent.
Sending multisignature transactions
1) Initiating a transaction
Whenever Duncan wants to send a transaction now, He will use Leto's account. Actually any signer can initiate a transaction though. In the following picture, we will pretend Doctor Kynes is starting the transaction. In this example the account is N-of-N, so all signers will have to sign for a transaction, but M-of-N is also possible (e. g. 2 out of 3 have to sign, or 5 out of 9, or any other combination up to 64).
In this case we have decided to send Stilgar 1000 XEM from Duncan's account. After we click “send XEM” from inside of Doctor Kynes account, we will need to choose Duncan’s account. To do this, he needs to click on the arrow on the right side of the box labeled "Sender". After all the other information is filled out, it is okay to click send.
When we go into Duncan's wallet, we can now see that he has a pending transaction that is labeled with an “M” for multisig.
2) Cosigning a transaction
If you look at the accounts of any of the other cosigners, it will look a little different. In this case we will use Chani's account. A new and exclusive innovation found only in NEM is that any person who is a cosigner will be notified that there is a transaction to sign. There will be a request on their dashboard to “sign” the transaction. Until all signers have signed, Stilgar will not receive the XEM.
What does Duncan see?
While Duncan cannot sign from his original account, he can see that a transaction has been started and can monitor its progress.
When we go into Duncan's wallet, we can now see that he has a pending transaction that is labeled with an “M” for multisig. And that it is going to Stilgar. And if we click "view" we will see even more.
In the picture above, we know that the 1000 XEM is being sent to Stilgar. It was Doctor Kynes that started the transaction and Chani, Leto A, Thufir Howat, and Lady Jessica have all decided to sign and in a moment Stilgar will receive the XEM!
In NEM the multisignature accounts are set up on a parent/child relationship as mentioned before. This has a couple of unique advantages.
If a person believes their private key of an account has been compromised, instead of transferring out all the XEM and mosaics from that account, they can simple make that account a 1-of-1 multisig. An account that has not been compromised can be assigned to be the 1-of-1 signatory over that account and a person can know their funds are secure. If there is another threat, then the account can be signed over to yet another newly created account.
At the point of writing this blog ownership of namespaces and/or mosaic editing rights attached to a namespace are not directly transferable through the blockchain. That feature will be planned later for those who want to transfer namespaces.
You can however create a 1-of-1 multisig account, which is essentially a delegate account of your primary account. Because of NEM’s unique architecture that delegate account's private key will be muted and all control of all transactions for that account will be transferred to the issuer's primary account. But NEM's multisig feature allows editing of the delegation of signers (parent/child relationship giving the child to a different parent). This now means that a user may then transfer all rights of their primary account over a delegate account to any third party by assigning that third party's main account to be the new 1-of-1 signer. Once completed that third party’s primary account now holds the namespace and mosaic editing rights as well as full control over all activities for that account.