Multisig (multiple signatures) accounts are a great tool to increase security or distribute control of an account. A multisig account is an account that consists of several signatory accounts and needs the approval of some or all of them in order to issue an extrinsic.

In this article, you'll learn the basics of a multisig account, possible use-cases, how to create one, and how to use it.

Basics of multisigs

A multisig account consists of two parts:

1. The signatories

2. The threshold

The signatories are the accounts that constitute the multisig; there can be from 2 to 100 of them. These are the accounts that can issue transactions from the multisig if an adequate number of the other signatories agree.

The threshold is the number of signatories that need to approve a transaction in order for it to happen, and is usually at least the majority of the signatories. The minimum threshold is 2 and the maximum is the number of signatories.

So, if a multisig has, for example, 5 signatories and a threshold of 3, we say it's a 3-of-5 multisig, which means that from the five signatories, three need to approve a transaction in order for it to happen (including the one who initiated the transaction).

It's important to make clear that multisig accounts don't have a mnemonic phrase or private key of their own. They are controlled exclusively by the signatories. Also, the same set of signatories with the same threshold will always produce the same multisig.
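The reason the same signatories and threshold always give the same multisig is that the address is a hash of those inputs rather than a key. The sketch below is an added example (not part of the original article and not Polkadot-JS code) that follows the derivation used by the Substrate multisig pallet: blake2b-256 over a fixed prefix, the sorted signatory account IDs and the threshold. The sample account IDs are constructed, and the bounds checks use the limits stated in this article.

```python
import hashlib

PREFIX = b"modlpy/utilisuba"  # domain separator of the Substrate multisig pallet
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def scale_compact(n: int) -> bytes:
    """SCALE compact-encode a vector length (enough for 2..100 signatories)."""
    return bytes([n << 2]) if n < 64 else ((n << 2) | 1).to_bytes(2, "little")

def multisig_account_id(signatories, threshold: int) -> bytes:
    """Derive the 32-byte multisig account ID from its signatories and threshold."""
    ids = sorted(signatories)  # the pallet hashes the signatories in sorted order
    if len(set(ids)) != len(ids) or any(len(i) != 32 for i in ids):
        raise ValueError("signatories must be distinct 32-byte account IDs")
    if not 2 <= len(ids) <= 100:
        raise ValueError("a multisig has 2 to 100 signatories")
    if not 2 <= threshold <= len(ids):
        raise ValueError("threshold must be between 2 and the number of signatories")
    preimage = (PREFIX + scale_compact(len(ids)) + b"".join(ids)
                + threshold.to_bytes(2, "little"))
    return hashlib.blake2b(preimage, digest_size=32).digest()

def ss58(account_id: bytes, network: int = 0) -> str:
    """SS58-encode an account ID; single-byte network prefixes only (0 = Polkadot)."""
    if not 0 <= network < 64:
        raise ValueError("only single-byte network prefixes are handled here")
    payload = bytes([network]) + account_id
    raw = payload + hashlib.blake2b(b"SS58PRE" + payload, digest_size=64).digest()[:2]
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

# Constructed sample account IDs standing in for Alice, Bob and Charlie.
ALICE, BOB, CHARLIE = (hashlib.sha256(n).digest() for n in (b"alice", b"bob", b"charlie"))

if __name__ == "__main__":
    print(ss58(multisig_account_id([ALICE, BOB, CHARLIE], 2)))
    print(ss58(multisig_account_id([CHARLIE, ALICE, BOB], 2)))  # same address
    print(ss58(multisig_account_id([ALICE, BOB, CHARLIE], 3)))  # different address
```

Each signatory can use the same derivation to confirm independently that the multisig address they were given really corresponds to the agreed signatories and threshold before funding it.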

Finally, the signatories of a multisig can be any kind of account. They can be a simple account in the Polkadot extension or a Ledger account controlled by a single person, they can be multisigs themselves, anonymous proxies, etc. However, the more complex the setup, the more complex it becomes to sign transactions for the multisig, so in this article we'll assume all signatories are simple accounts, controlled by one person each.

IMPORTANT: Once a multisig account is created, you can change neither the signatories nor the threshold.

If you need to be able to do that, a more complex setup that uses anonymous proxies is required, but we won't cover that in this article.

Who are they useful for?

Organizations are usually the ones who utilize multisigs the most. That's because in an organization usually a single person should not be able to manage the organization's funds, but instead, several people, the board of directors, for example, need to agree to a transaction. 

In this case, the organization can create a multisig account, where the signatories are the members of the board and the threshold is the specific number of directors who need to agree for a transaction to happen. 

These are usually n-of-m multisigs, where the threshold is less than the total number of signatories.

But multisigs can be used for personal accounts as well. In that case, they offer more security. For example, instead of keeping your funds in a Ledger account (which is very secure on its own), you want more security, so you store them in a 3-of-3 multisig that consists of your Ledger account, an account on Parity Signer, and an account on Polkadot extension. Or on three separate Ledger devices. So, in this scenario, your funds can get compromised only if all three of these accounts are compromised. Triple the security! 

Obviously, signing transactions with such an account is more cumbersome, so you need to find the right balance between security and usability that meets your needs.

These multisigs are usually n-of-n, meaning that all signatories are needed to approve a transaction because all of them are controlled by the same person and the goal is more security.

WARNING! If you create an n-of-n multisig and you lose access to even one of the signatory accounts, you lose access to the multisig as well!

How to create a multisig account

Let's say, Alice, Bob, and Charlie want to create a 2-of-3 multisig to jointly manage their startup's funds. Let's see how it's done.

A. The first thing they need to do is add everyone else's account to their Address Book on Polkadot-JS UI. We'll play as Alice, but the other two need to do the same. Obviously, we assume that everyone has access to their own account on the Accounts page.

A1. On Polkadot-JS UI, go to Accounts > Address Book:

A2. Click on the "Add contact" button on the right side and in the modal that opens up enter Bob's address and give the contact a name. Then click "Save".

This will add Bob's account as a read-only account, and we do the same for Charlie's account. In the end, we should have both accounts in our Address book.

NOTE: If you are creating a multisig for your personal use, only with accounts you already control yourself, you don't need to add them to the Address Book. They are already in your Accounts page.

B. Now it's time to create our multisig account. All three signatories need to do this process to add the multisig to their Accounts page.

B1. Go to the Accounts page and click on the "+ Multisig" button:

B2. In the modal that opens up, click on Alice's, Bob's, and Charlie's accounts under the "available signatories" column to move them over to the "selected signatories" column.

B3. Then enter the threshold. Since we want a 2-of-3 multisig, we leave it at the default value of 2. If you wanted to create a 3-of-3 multisig, you'd need to change it to 3.

B4. Finally, give the multisig account a name and click the "Create" button.

The multisig account is created!

How to use a multisig account

Now that the multisig is created and funded, Alice, Bob, and Charlie want to make a transaction. 

Whenever a multisig transaction (call) is initiated, whoever initiated it needs to reserve a deposit of a little more than 20 DOT. The exact amount depends on how large the threshold of the multisig is. If you want to know exactly how much it is and how it's calculated, you can check this wiki article. This reserve is released when the transaction is approved or canceled. The rest of the signatories don't need to reserve a deposit.

This is done to prevent bloating of the chain state from multisig calls that are initiated but never completed. So, whoever plans to initiate calls needs to have at least 20.5 DOT transferable balance in their account to be able to pay for the deposit.

Let's see how it's done.

1. Alice is the one that initiates the transaction, which is a balance transfer of 1 DOT to Michalis. Do that like any other balance transfer, from the multisig account:

2. Click on "Make Transfer" and the following modal appears:

3. Copy "multisig call data" and share it with Bob and Charlie. They'll need it to finalize the call. Then click "Sign and Submit".

4. Once the extrinsic is signed, the multisig call is initiated and ~20 DOT is reserved in Alice's account. Also, an icon appears next to the multisig account indicating there's a pending call that needs approval.

5. Bob sees this, hovers over the icon, clicks on "View pending approvals", and the following modal appears:

6. Since this is a 2-of-3 multisig, only one more approval is needed to issue the transaction, so in this case, the second approval is also the final one. The signatory providing the final approval needs to paste the "multisig call data" provided by the initiator (depositor) in order to finalize the call. So, Bob pastes the call data Alice shared and clicks "Approve".

If the threshold were higher than 2, the intermediary signatories wouldn't need to paste the call data; they would approve the call without it. Only the final signatory needs the call data to provide the final approval, as indicated by the switch pointed out in the screenshots.

This switch is automatically enabled or disabled based on whether this is the final approval or not, and should not be changed.

7. Before signing the transaction, Bob wants to verify what exactly he's signing and make sure Alice didn't make a mistake. He goes to Developer > Extrinsics and opens the "Decode" tab. There he pastes the multisig call data and can see exactly which transaction from the multisig account he's about to approve:

8. Satisfied that everything is in order (keep in mind that the value above is displayed in Plancks), Bob gives the final approval and the balance is transferred. Also, Alice's deposit is unreserved.

How to cancel a multisig call

Let's say that Alice (or Bob or Charlie) realizes that she made a mistake when issuing the extrinsic and wants to cancel it. Obviously, this needs to happen before the call is finalized, and only the initiator (depositor) of the call can cancel it. Here's how:

1. Click on "View pending approvals" as explained above.

2. On the modal that opens up, click on the "approval type" drop-down menu and select "Cancel this call hash". Then click "Reject". This will cancel the multisig call and release the reserved deposit in Alice's account.

Reminder: Only the signatory who initiated the call can do that.

In this article, you learned how to create and use a multisig account and what they're useful for. If you want to learn more about multisigs, you can check this wiki article.