
Status
IN_PROGRESS
Stakeholders
Outcome
Due date
Owner

Background

...

By default, Iroha works with single-signature transactions, which peers accept when signed by only one signatory. However, in some cases this is not enough.

...

Problem

Let's take an example of a Seller selling a good to a Buyer with an independent Arbiter involved. The Buyer sends the XORs Transfer Iroha Special Instruction needed to cover the price of the good.

The Seller should send a physical good to the Buyer to complete the XORs Transfer. A Multisignature transaction could be used to make this process safe.

M-of-N

If `M` is the required number of signatures and `N` is the total number of available signatures, then in this example we need to set `M=2` and `N=3` (restricted to the signatures of the Seller, Buyer and Arbiter).

...

If the Arbiter tries to Transfer XORs to itself, it will fail because one signature is not enough in this situation.

Introduction

Multisignature transactions in general provide the ability to restrict some actions for individual signatories. To implement them in Iroha, we need to check more specific requirements from stakeholders.

...

Let's consider a situation where a bank wants to allow either 2 tellers or 1 manager to sign off on any transfer transaction over $500 and under $1000. In this case, the condition will be `Condition.asset("usd@nbc").qty(500).comparison(">").qty(1000).comparison("<")`, and the signatory_sets for the tellers and the manager will be OR unioned, so that either the m-of-n signatures from the tellers or the single signature from the manager will be acceptable for transaction signing.
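
The bank example above as added code in Rust; it is not Iroha's own implementation or API. `SignatorySet`, `Policy` and `bank_policy` are hypothetical names, account names stand in for public keys, and each signature is assumed to have been cryptographically verified before the check runs.

```rust
use std::collections::HashSet;

// Hypothetical model: one signatory set needs `required` (M) of `members` (N).
struct SignatorySet {
    required: usize,
    members: HashSet<String>,
}

impl SignatorySet {
    fn new(required: usize, members: &[&str]) -> Self {
        Self { required, members: members.iter().map(|m| m.to_string()).collect() }
    }
    // Only distinct signers that belong to the set count towards M, so a
    // repeated signature or an outsider's signature cannot reach the threshold.
    fn satisfied_by(&self, signers: &[&str]) -> bool {
        let valid: HashSet<&str> =
            signers.iter().copied().filter(|s| self.members.contains(*s)).collect();
        valid.len() >= self.required
    }
}

// Hypothetical policy: the quantity condition plus OR-unioned signatory sets.
struct Policy {
    more_than: u64,
    less_than: u64,
    sets: Vec<SignatorySet>,
}

impl Policy {
    // None: the condition does not match, so this policy decides nothing.
    // Some(true): at least one signatory set is satisfied.
    fn check(&self, qty: u64, signers: &[&str]) -> Option<bool> {
        if qty <= self.more_than || qty >= self.less_than {
            return None;
        }
        Some(self.sets.iter().any(|set| set.satisfied_by(signers)))
    }
}

// Constructed sample data: 2-of-3 tellers OR 1-of-1 manager, 500 < qty < 1000.
fn bank_policy() -> Policy {
    Policy {
        more_than: 500,
        less_than: 1000,
        sets: vec![
            SignatorySet::new(2, &["teller1", "teller2", "teller3"]),
            SignatorySet::new(1, &["manager1"]),
        ],
    }
}

fn main() {
    let p = bank_policy();
    println!("{:?}", p.check(750, &["teller1", "teller2"]));
    println!("{:?}", p.check(750, &["teller1", "teller1"]));
}
```
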

...

Solution

The second version of Iroha evolved the design of Iroha 1.x and can't use the same approach while it works to address the requirements.

...

Multisignature transactions can be implemented the same way. The main questions should be answered before that.

Decisions

Multisignature transaction identification

Given `M` as the required number of signatures to collect and `N` as the set of legal signatories, if `M` is greater than 1 then the Transaction should be treated as Multisignature.

Signatories set

As mentioned in "Multisignature transaction identification", `N` is a set of legal signatories. What variants can we have in this set?

...

In this case the `Quantity` variant is the least restrictive, then comes `Holders`, and `Set` is the most restrictive.

Configuration

Multisignature Transactions can be configured by a combination of the `CheckSignatures` Iroha Special Instruction, mandatory for every transaction, with the `N` Asset of the initial transaction author's Account.

If `CheckSignatures` passes successfully, the rest of the instructions are applied to the state. Otherwise the transaction will be sent to all peers.

Alternatives

...

Concerns

  • Should we guarantee persistence of Multisignature transactions waiting for required signatures on the ledger?
  • Should we provide configuration of Multisignature without assets (client only)?
  • How to merge Multisignature transactions signatures?

Assumptions

Risks

Additional Information