Multisig Revamp for StructuredData/AppendableData

Thread Summary:

We mostly agree to this on the first look so will keep it ready for implementation when other higher priority tasks get flushed out. Also when 100% weight can only be reached by more than one signature, we will need to come up with a good solution to get it. Currently it is only possible by circulating the data around and the last owner doing the post after adding signature. We will look at if anything better can be done here such as maybe getting Vaults to accumulate signatures for POST operations from different clients until the required weight is reached and then handling the request. We might need to check how certain other systems do multisig as well to see how we compare. The adding of granularity does make it powerful but need to ensure it does not come at the cost of complexity and devs understand it easily.


Weighted signatures with a threshold is a great step in the right direction, and the proposed implementation seems solid.

However, I think there is much to be gained by looking at bitcoin script, particularly BIP-16 Pay to Script Hash.

Determining ownership

Considered at the highest level, ownership depends on an ownership_test function:

has_ownership = ownership_test(owners, signatures)
if (has_ownership) { modify }

Initially, ownership_test checked more than half of owners signed:

ownership_test(owners, signatures) {
    valid_signatures = find_valid_signatures(owners, signatures)
    return len(valid_signatures) > 0.5 * len(owners)

In this thread, it has been proposed to check if a weight threshold has been exceeded:

ownership_test(owners, signatures, threshold_weight) {
    valid_signatures = find_valid_signatures(owners, signatures)
    signed_weight = combined_weight(valid_signatures)
    return signed_weight > threshold_weight

I believe more complex ownership_test functions will be required in the future. I base this on the increasing complexity of bitcoin’s scripting language and popularity of multisig and P2SH transactions. Ownership testing in structured data may take the form ownership_test(owners, signatures, script) so the evaluation of ownership is independent of the SD itself. ie

ownership_test(owners, signatures, script) {
    return script(owners, signatures)

This is not without risk, and it increases complexity. It’s likely this is a step too far too soon, but I want to put it out there for consideration.

The safe network is also potentially looking to having cpu available as a network resource; this may tie in with that.