Continuing on from my previous article, today we're going to dicsuss MultiSig schemes in BitShares for added security and/or flexibility.
You can find the previous article here: https://steemit.com/bitshares/@clockwork/account-model-wallet-model-and-security-on-the-dex-part-1-of-2
Like any self-respecting blockchain, BitShares allows you to set up M-of-N multi-sig schemes. i.e. An account can have N owners and at least M of which have to sign a proposed transaction in order for it to go through.
That way, you can have accounts/wallets held in different locations/devices with credentials secured in different ways meaning a single compromised account will not be able to spend/steal funds.
BitShares however goes a step further and introduces the concepts of user-controlled weights and threshold.
Each owner added to an account can be assigned a different weight, while the account itself is assigned a threshold which is the number that the summed weights of the signers must reach in order for a transaction to execute.
Default settings are for each owner to be assigned a weight of 1 with the threshold for the account set at 1.
Thus, any one of the owners can freely execute transactions by themselves.
A simple 2-of-3 multi-sig scheme would be achieved by having 3 owners, each with a weight of 1 and the threshold set at 2.
Now, let's consider the case where we have 3 people owning an account with one being the "primary" owner and the other 2 being "secondary" owners. We want the primary owner to be able to freely spend and execute transactions on the account, and the secondary owners to be able to execute a transaction only if both of them agree or if the primary owner agrees as well.
In that case, the threshold would be set at 2 with the primary owner having a weight of 2 this time (so he can execute transactions freely) and the secondary owners having a weight of 1.
If you consider the fact that an account can have an arbitrary number of owners, each of which can also have an arbitrary number of owners themselves, very complex and flexible permission schemes can be set up.
This is especially suited to company/organisation accounts where you could have permissions set up for any scenario.
For example set up a scheme where a transaction could only go through if:
a) the CEO authorises it
or
b) the CFO and at least 1 board member authorise it
or
c) the tech-team and at least 2 board members authorise it (where the tech-team would require authorisation from the majority of tech-team members first)
etc.
Another security-oriented scheme would be one where you set yourself to have a weight just under the required threshold to complete a transaction and assign the weight needed to reach the threshold to many friends while their total still remains under the threshold.
Thus, if your account get compromised, your funds are safe and you also can regain access to them at any time as long as at least 1 of your friends signs off on the transaction. At the same time, your friends cannot conspire to steal your funds.
e.g. set your account's weight to 49 and the threshold at 50, while assigning a weight of 1 to up to 49 friends' accounts.
Hope that explains a few more things about what BitShares is capable of.