Welcome to the Developer Q&A for the MultiChain blockchain platform.

Please feel free to ask questions about the platform to receive answers from the MultiChain developers or other members of the community.

Related questions

4,156 questions

4,369 answers

5,718 comments

Most popular tags

Is it possible to create a Multisig address from 2 wallet addresses in 1 node

+1 vote

Hello,

Of course the need and use of multisig addresses are paramount, however I am somewhat perplex why it seem like a multisig address cannot be "usefully" be created using two (2) wallet addresses from a single node. Here is the reason for my (seemingly outrageous) statement...

Creating and using a mutisig from two (2) wallet addresses and two (2) different nodes works perfectly as each wallet's pubkey is stored separatly in their respective nodes, resulting in a transaction sent from the multisig requires obtaining the signatures from both walllets before the transaction is "complete" and can be broadcast to the blockchain. The process flow for a 2-of-N multisig can be viewed as: create  -> incomplete ->  sign -> complete -> send.

However, if a multisig address is created from two (2) wallets on the same node, creating a transaction using this multisig...surprisingly (at a first glance)...the transaction is immediately considered "complete"...eh? In comparison, the process flow is: create -> complete -> send.

I fully understand why technically this is correct (both wallet's pubkey are held in the node). However, this "behaviour" or outcome seems to render the use of multisig "not useful" i.e. it seems contrary to the intended (and expected) use of multisig.

As a cautionary note: be very careful if you use importprivkey and import a multisig's signatory wallet into the same node of another signatory wallet...a case of the "unintended consequences" will bemoan you.

I am relative new to this exciting world of blockchain...so....am I missing something? I await your response.

Thanks.

Regards,

WRM.

asked Oct 15, 2017 by WRM

1 Answer

0 votes

Well, the signrawtransaction API signs everything it can in a transaction, so if both private keys for a multisig input are in the node's wallets, it will sign that input with both.

If you want to explicitly control which private keys are used for signing a transaction, use the 'private key' parameter of signrawtransaction, passing in private keys obtained using dumpprivkey.

But I might add that in terms of security, there is no point in a multisig whose private keys are all stored in the same place.

answered Oct 16, 2017 by MultiChain
Thanks for the 'heads up' on the ability to explicitly control which private keys are used for signing a transaction.

In the last sentence of your response, you stated "...there is no point in a multisig whose private keys are all stored in the same place".

Is it not a valid scenario to have one node setup to assign addresses to one department of a company, such as 'Finance' and create a 2-of-3 multisig address where all three (3) signatory addresses are from the 'Finance' node.
Then any transaction created by the multisig address will of course require to be signed by two (2) signatures.

What is the recommended implementation to cater for this requirement?
commented Oct 17, 2017 by WRM
The problem is that if the node is stored both private keys then anyone who can access one can also access the other. So it would be fake security.

If you want genuine division of control you need to either hold the private keys in different nodes, or else hold them outside of the node - see: http://www.multichain.com/developers/external-key-management/
commented Oct 18, 2017 by MultiChain
Thanks...your advice is understood and appreciated.
commented Oct 18, 2017 by WRM
...