My intention is to use ed25519verify within a TEAL program to validate data with signature from a specified multisig account.
arg_0 // data
arg_1 // signature
TMPL_PUBKEY_MULTISIG_ACCOUNT
ed25519verify
My understanding of the dsign tool is it currently only signs data using a keyfile generated by algokey representing a single account. However, in a multisig setting a single keyfile would not exist. I believe dsign needs something similar to goal multisig signprogram which enables accumulating signatures.
Is there a workaround using existing tools to construct a multisig on data or is this a feature request to post on GitHub?
ed25519verify indeed can only verify standard ED25519 signatures, not multisig ones.
However, you should be able to simulate a multisig using TEAL script. Here is a draft for a 2-out-of-3 multisig (where public keys are pk1, pk2, pk3) (disclaimer: I’ve not tested the following TEAL script nor reviewed the security):
arg_0 // data
arg_1 // signature under pk1 or empty
addr PK1 // load pk1
ed25519verify
arg_0 // data
arg_2 // signature under pk2 or empty
addr PK2 // load pk2
ed25519verify
arg_0 // data
arg_3 // signature under pk3 or empty
addr PK3 // load pk3
ed25519verify
// at this point on the stack, there should be 3 integers
// 0/1 for each potential signature
+
+ // compute the number of ed25519verify that passed
int 2
>= // check that it's above the threshold = 2
If you know how to sign under pk2 and pk3, you generate these signatures s2 and s3, and call the TEAL script with the following 4 arguments: data, empty, s2, s3.
1 Like
Alright @fabrice interesting workaround. Seems plausible on first glance. I’ll try some tests using a 2:2 msig and let you know how it goes.