Multisig (multiple signatures) accounts are a valuable tool to enhance security and distribute control of an account among multiple entities. Essentially, a multisig account is an account that involves several signatory accounts, and it requires the approval of some or all of them to initiate a transaction (extrinsic). This article provides an overview of multisig accounts, explores potential use cases, and offers guidance on creating and utilizing such accounts.

Introduction to Multisig Accounts

The configuration of multi-signature accounts (abbreviated as multisig) is feasible on Substrate-based chains. A multisig is fundamentally constructed from one or several addresses in tandem with a threshold value. This threshold demarcates the necessary quantity of signatories (active addresses) to reach a consensus on submitting an extrinsic, culminating in a successful execution of the call.

Let's illustrate this with an example: Alice, Bob, and Charlie devise a multisig account with a threshold set to 2. This implies that a consensus between Alice and Bob is sufficient to execute any call, regardless of Charlie's dissent. Similarly, Charlie and Bob can execute any call without Alice's consent. In most cases, the threshold value is smaller than the total number of participants but can also be equivalent to it, meaning unanimity is mandatory.

Multi-signature accounts serve a number of purposes:

• Security for your stash: multisig accounts can be employed as a 2FA mechanism to bolster the security of your funds. Each signer could be on separate computers, or even one in cold storage. Although this method may slow down chain interactions, the security level is exponentially enhanced.
• Board decisions: Legal entities such as corporations and foundations can employ multisig accounts for collective treasury management.
• Group participation in governance: a multisig account has the same functionality as a regular account. For instance, in Cere Network governance, a multisig account could represent a council member, where multiple community members cast their votes as a single entity.

Once created, multi-signature accounts are immutable. The member set or the threshold cannot be altered and would necessitate the dissolution of the existing multisig account and the creation of a new one. Hence, multisig account addresses are deterministic, meaning the address of a multisig account can always be calculated knowing the members and the threshold, even before the account's creation. This characteristic allows for the sending of tokens to an inexistent address, which would be accessible once the intended recipients form a new multisig account with a matching threshold.

Understanding Multisig Accounts

A multisig account operates on the principle of requiring multiple signatures to authorize a transaction. Instead of a single account owner having complete control over the account, the multisig account involves several owners, often referred to as signatories. These signatories collectively manage the account and must provide their consent for any outgoing transactions.

The number of required signatures and the specific signatories involved can vary depending on the multisig account's configuration. For instance, it might be set up to require approval from a majority of signatories or all of them to execute a transaction.

A multisig account consists of two parts: The signatories and the threshold.

The signatories are the different accounts that constitute the multisig and can be from 2 to 100. This is the number of accounts that can issue transactions from the multisig if an adequate number of the other signatories agree.

The threshold is the number of signatories that need to approve a transaction for it to happen. Usually, it is at least the majority of the signatories. The minimum threshold can be 2, and the maximum is the number of signatories.

So, suppose a multisig has, for example, 5 signatories and a threshold of 3. In that case, we say it's a 3-of-5 multisig, which means that from the five signatories, three need to approve a transaction for it to happen (including the one who initiated the transaction).

It's important to make clear that multisig accounts don't have a mnemonic phrase or private key of their own. They are controlled exclusively by the signatories. Also, the same set of signatories with the same threshold will always produce the same multisig.

Finally, the signatories of a multisig can be any kind of account. They can be a simple account in the Polkadot{.js} extension or a Ledger account controlled by a single person; they can be multisigs themselves, anonymous proxies, etc. However, the more complex the setup, the more complex it becomes to sign transactions for the multisig. In this article, we'll assume all signatories are simple accounts controlled by one person each.

Use Cases for Multisig Accounts

Multisig accounts offer a range of practical use cases in various scenarios: