Status

DECIDED

Stakeholders

Makoto Takemiya Salakhiev Kamil Egor Ivkov  Vadim Reutskiy

Outcome

Unable to render Jira issues macro, execution error.

Due date
Owner

Egor Ivkov

Background

At the time of writing Iroha works with single-signature transactions which are accepted by the peers signed only by one signatory. However in some cases it is not enough.

Problem

There is a need for transactions that should be signed by several signatories from the same account for security purposes when dealing with large sums of money. Also it is planned to support conditional multisig (for example to support typical scenarios as two tellers should sign or one manager should sign). The detailed description of conditional multisig can be found in the whitepaper.

Requirements

From Iroha 1:

A transaction which has the quorum greater than one is considered as multisignature (also called mst). To achieve stateful validity the confirmation is required by the signatories of the creator account. These participants need to send the same transaction with their signature.

And from Iroha 1 again:

Multisignature Transactions Processor

It is an internal gRPC service that sends and receives messages from other peers through Gossip protocol. Its mission is to send out multisignature transactions that have not received enough signatures to reach the quorum until it is reached.

From Vadim Reutskiy

1. To have quorum in each account and possibility to change it by the command (+ corresponding permissions)
2. To have possibility to configure list of signatories for the current account (+ corresponding permissions)
3. To have possibility to get list of pending transactions waiting for the additional signatures (related to the current account or in network in general + corresponding permissions)
4. Configuration of the time, while pending transactions will be in the pending list before being rejected
5. Corresponding checks in stateful validation to check all these rules
6. Corresponding checks and sync in the block proposal algorithm, consensus and mechanism of syncing the list of pending MST transactions between all nodes.
7. Place for future insertion of the conditional logic for MST checkups

Conditional multisignature

From the whitepaper: https://github.com/hyperledger/iroha/blob/iroha2-dev/iroha_2_whitepaper.md#conditional-multisignature

Let's consider a situation where a bank wants to allow either 2 tellers or 1 manager to sign off on any transfer transaction over $500 and under $1000. In this case, the condition will be: Condition.asset("usd@nbc").qty(500).comparison(">").qty(1000).comparison("<") and the signatory_sets for the tellers and manager will be OR unioned, so that either the m-of-n signatues from the tellers or the single signature from the manager will be acceptable for transaction signing.

Solution

Second version of Iroha evolved the design of Iroha 1.x and can't use the same approach while it works to address requirements.

Conditional mutlisig

The conditional multisig is planned to be implemented with the support of the Expressions that let the user to define their own conditions. An example implementation of the whitepaper scenario is given in one of the expression tests.

Transaction Pipeline

In Iroha2 there will not be a strict division between a multisig and a simple transaction. Instead transactions will be collected on the leader peer in a queue until the moment its account's `signature_condition` (in the form of Expressions) is true for this transaction or dropped when its TTL is reached.

Client Side Interaction

Iroha 1.x Approach

It was considered to use the same approach as in Iroha 1.x and to send the same transaction several times with different signatures from the client. But there is a following problem with this approach:

Transaction hash incorporates the timestamp of transaction creation in Iroha2. So even if transaction were sent with the same contents, the hash because of the timestamp will be different, and therefore it would be impossible to aggregate signatures (which have hash as a payload).

Iroha 2 Approach

Therefore in Iroha2 the following approach is planned to be used.

  1. First client to submit the MST transactions, submits it normally as any other transaction
  2. Other clients that want to add signatures to this tx request this pending tx from the Iroha peer and sign it with their signature and resubmit it.

But the UX does not need to change for the end user. For example:

  1. User wants to submit a transaction
  2. Client library requests if there are any transactions waiting for signatures from this account
  3. If there are, it acquires them and compares to the one that user wants to submit
  4. If contents of transaction match excluding the timestamp
  5. Client library asks if the user wants to add a signature to already existing transaction

Therefore users may submit MST asynchronously without the knowledge of who submitted it first.

Concerns

Assumptions

Risks

Additional Information

  • No labels

10 Comments

  1. Nikita Puzankov

    Makoto Takemiya , Salakhiev Kamil , Egor Ivkov please comment

  2. Nikita Puzankov

    From Egor Ivkov:

    From what I understand we plan to gather MST in the queue of pending transactions and wait for all the signatures to arrive. But I don't think executing ISI of the pending transaction fits our original design, where all the transacation's ISI are executed only when the tx is committed.

    1. Bogdan Mingela

      Ofc ISI should be validated and executed only after the signatures gathering
      You can refer to the Iroha transaction statuses transitions https://iroha.readthedocs.io/en/1.1.0/core_concepts/glossary.html#transaction-statuses

  3. Kamil Salakhiev

    I don’t this MST should be used for such scenario. MST transaction can be signed only by the list of signatories corresponding for creator of transaction. I don’t think it is convenient for buyers add sellers to the signatory list.

    Signatory list is not supposed to change very often. In provided use case it should be changed quite often as buyers can perform buying quite often

    1. Nikita Puzankov

      You talk about a more restricted and limited in use implementation for MST, while as I understand in general it can be more generic with more cases to cover.

      It will be great to have some real scenarios from Iroha based projects here, can I ask you to bring them?

      1. Bogdan Mingela

        The case discussed is easily resolved by a trusted smart contract instead of Arbiter.

        Moreover I tend to think the scenario is not well defined and probably incorrect:

        >If Arbiter will try to Transfer XORs to itself

        ISI must define the destination account I guess


        Moreover, how to exclude the Arbiter from the next transaction? Or participants just have to use other accounts for other deals? It makes ability to deploy a corresponding smart contract even better..

        1. Nikita Puzankov

          What do you mean by "trusted smart contract"? Arbiter is just an `Account` which will be needed to sign transaction in case of disputes between seller and buyer.

      2. Salakhiev Kamil

        1. Bank operators:
          Bank client wants to add their money to Iroha based payment system. They give money to operator, then operator creates transactions and signs using their private key. Then Head of operators department needs to sign this transaction with his private key to actually send money to client. Such scenario can be modelled using Iroha where Client is Iroha account, Bank operator is Signatory 1, Head of operators department is Signatory 2, transaction is TransferAsset, Quorum is 2
        2. Soranet signatories:
          There are owners of Soranet main account that hold all issued XORs and distribute them to projects and Sora users who need to get their reward for voting. Soranet main account holds a lot of XORs, so to increase security several signatures required to perform transfers. Therefore Soranet main account's transactions should be signed by several owners. Such scenario can be modelled using Iroha where Soranet main account is Iroha account with Quorum N (minimal number of signatures to send transactions), owners of account are signatories

        The example that you described in RFC can be implemented using Batches approach without any arbiter. Buyer creates batch with 2 transactions: 

        1. Transfer of money asset from Buyer to Seller (creator field of this tx will be set to Buyer account id).
        2. Transfer of good asset from Seller to Buyer (creator field of this tx will be set to Seller account id)

        Then this Batch is sent to Iroha and has only signature of Buyer. Transaction is kept in Pending transactions queue unless Seller signs his transaction

  4. Bogdan Mingela

    As for the data Ales referenced from D3 experience.

    There were some 'external' validators planned that should sign user transactions additionally. Hence it'd be much more convenient to have an option to define 'signatory groups' for a transaction or an account to satisfy the case. So such a transaction would need to collect signatories quorum within each subset of signatures separately to be treated as a fully signed transaction.

    Moreover there were many thoughts and discussions about signatories weight, i.e. an MST transaction has 5 signatories but their 'weight' could be different (60/40/20/10/10). So in order to be processed the transaction should contain >= 100 of the weight. We solved this with a single signatory having (6/4/2/1/1) key pairs and the account had quorum of 10 but it is not so convenient.

    1. Nikita Puzankov

      It looks like another MST model, will look at alternatives to MN