How To: Sign Data Using Multisig

My intention is to use ed25519verify within a TEAL program to validate data with signature from a specified multisig account.

arg_0 // data
arg_1 // signature
TMPL_PUBKEY_MULTISIG_ACCOUNT
ed25519verify

My understanding of the dsign tool is it currently only signs data using a keyfile generated by algokey representing a single account. However, in a multisig setting a single keyfile would not exist. I believe dsign needs something similar to goal multisig signprogram which enables accumulating signatures.

Is there a workaround using existing tools to construct a multisig on data or is this a feature request to post on GitHub?

ed25519verify indeed can only verify standard ED25519 signatures, not multisig ones.

However, you should be able to simulate a multisig using TEAL script. Here is a draft for a 2-out-of-3 multisig (where public keys are pk1, pk2, pk3) (disclaimer: I’ve not tested the following TEAL script nor reviewed the security):

arg_0 // data
arg_1 // signature under pk1 or empty
addr PK1 // load pk1
ed25519verify

arg_0 // data
arg_2 // signature under pk2 or empty
addr PK2 // load pk2
ed25519verify

arg_0 // data
arg_3 // signature under pk3 or empty
addr PK3 // load pk3
ed25519verify

// at this point on the stack, there should be 3 integers
// 0/1 for each potential signature
+
+ // compute the number of ed25519verify that passed
int 2
>= // check that it's above the threshold = 2

If you know how to sign under pk2 and pk3, you generate these signatures s2 and s3, and call the TEAL script with the following 4 arguments: data, empty, s2, s3.

Alright @fabrice interesting workaround. Seems plausible on first glance. I’ll try some tests using a 2:2 msig and let you know how it goes.