Skip to main content

Staking and baking with native multisig accounts

Estimated time: 2 hours

The Seoul protocol introduced native multisig user accounts to address two common limitations of user accounts:

  • The entire security of the account usually relies on a single secret key. If this key is compromised, an attacker can gain full control of the account.
  • The model is not well-suited for organizations or shared accounts, because it does not allow multiple users to manage the account collectively.

The usual solution to turn around these common limitations is to use multisig contracts, which are supported in Tezos by a built-in multisig contract or user-created multisig contracts. However, smart contracts cannot stake Tez and they cannot become a baker.

Native multisig accounts allow groups of users to collectively stake funds or bake (including participating in governance, managing funds, and staking and unstaking). They also allow a single user to increase the security of their accounts by spreading authority over multiple keys. These native multisig accounts rely on on BLS keys (tz4 addresses), which have been extended with new features.

Multisig user accounts support two different multi-signature schemes:

  • Signature aggregation (aka N-of-N scheme): All N participants to the multisig account must sign every operation for it to be valid.
  • Threshold signature (M-of-N scheme): A threshold number of M participants out of the total of N members is required to sign each operation.

In either case, there must be at least 2 participants (N >= 2) and at least 2 of them must be required to sign an operation (M >= 2).

This tutorial includes two scenarios that show how you can use native multisig accounts. Both scenarios are quite involved and are not intended for daily use by end users. Rather, they are recommended for developers of tools such as staking or baking applications and wallets, desiring to add features related to native multisig accounts.

  1. Registering a baker with a multisig manager key, using signature aggregation (N-of-N).
  2. Staking by several users using threshold signature (M-of-N).

These scenarios use the Octez client CLI commands on a testnet. They store the keys unencrypted in the Octez client’s configuration; in production use you should store the keys in an encrypted format.

The complete reference for the CLI commands and RPC endpoints associated with this feature is available at Native multisig accounts.

Beyond the flagship use cases presented here, multisig accounts may constitute the starting point of fruitful discussions leading to other new exciting applications for the Tezos blockchain.

Last updated on