serai/docs/protocol/Multisig.md

# Multisig

Multisigs are confirmed on-chain by the `Multisig` contract. While the processor
does create the multisig, and sign for it, making it irrelevant to the chain,
confirming it on-chain solves the question of if the multisig was successfully
created or not. If each processor simply asked all other processors for
confirmation, votes lost to the network would create an inconsistent view. This
is a form of the Byzantine Generals Problem, which can be resolved by placing
votes within a BFT system.

Confirmation requires all participants confirm the new set of keys. While this
isn't BFT, despite the voting process being BFT, it avoids the scenario where
only t (where t is the BFT threshold, as used in the t-of-n multisig)
successfully generated shares, actually creating a t-of-t multisig in practice,
which is not BFT. This does mean a single node can delay a churn, which is
expected to be handled via a combination of slashing, and if necessary, removal.

Validators are allowed to vote multiple times across sets of keys, with the
first set to be confirmed becoming the set of keys for that validator set. These
keys remain valid for the validator set until it is changed. If a validator set
remains consistent despite the global validator set updating, their keys carry.
If a validator set adds a new member, and then loses them, their historical keys
are not reused.

Once new keys are confirmed for a given validator set, they become tracked and
the recommended set of keys for incoming funds. The old keys are still eligible
to receive funds for a provided grace period, requiring the current validator
set to track both sets of keys. The old keys are also still used to handle all
outgoing payments as well, until the end of the grace period, at which point
they're no longer eligible to receive funds and they forward all of their funds
to the new set of keys.

### `vote(keys: Vec<Option<Key>>)`

Lets a validator vote on a set of keys for their validator set.
Initial multisig tracking contract in ink 2022-07-17 21:17:23 +00:00			`# Multisig`

Update the Multisig documentation to be designed around Validator Sets 2022-07-20 06:45:11 +00:00			Multisigs are confirmed on-chain by the `Multisig` contract. While the processor
			`does create the multisig, and sign for it, making it irrelevant to the chain,`
			`confirming it on-chain solves the question of if the multisig was successfully`
			`created or not. If each processor simply asked all other processors for`
			`confirmation, votes lost to the network would create an inconsistent view. This`
			`is a form of the Byzantine Generals Problem, which can be resolved by placing`
			`votes within a BFT system.`
Initial multisig tracking contract in ink 2022-07-17 21:17:23 +00:00
Update the Multisig documentation to be designed around Validator Sets 2022-07-20 06:45:11 +00:00			`Confirmation requires all participants confirm the new set of keys. While this`
			`isn't BFT, despite the voting process being BFT, it avoids the scenario where`
			`only t (where t is the BFT threshold, as used in the t-of-n multisig)`
			`successfully generated shares, actually creating a t-of-t multisig in practice,`
			`which is not BFT. This does mean a single node can delay a churn, which is`
			`expected to be handled via a combination of slashing, and if necessary, removal.`
Initial multisig tracking contract in ink 2022-07-17 21:17:23 +00:00
Update the Multisig documentation to be designed around Validator Sets 2022-07-20 06:45:11 +00:00			`Validators are allowed to vote multiple times across sets of keys, with the`
			`first set to be confirmed becoming the set of keys for that validator set. These`
			`keys remain valid for the validator set until it is changed. If a validator set`
			`remains consistent despite the global validator set updating, their keys carry.`
			`If a validator set adds a new member, and then loses them, their historical keys`
			`are not reused.`
Initial multisig tracking contract in ink 2022-07-17 21:17:23 +00:00
Update the Multisig documentation to be designed around Validator Sets 2022-07-20 06:45:11 +00:00			`Once new keys are confirmed for a given validator set, they become tracked and`
			`the recommended set of keys for incoming funds. The old keys are still eligible`
			`to receive funds for a provided grace period, requiring the current validator`
			`set to track both sets of keys. The old keys are also still used to handle all`
			`outgoing payments as well, until the end of the grace period, at which point`
			`they're no longer eligible to receive funds and they forward all of their funds`
			`to the new set of keys.`
Initial multisig tracking contract in ink 2022-07-17 21:17:23 +00:00
Update the ink! contract to match docs 2022-07-20 08:57:35 +00:00			### `vote(keys: Vec<Option<Key>>)`
Initial multisig tracking contract in ink 2022-07-17 21:17:23 +00:00
Update the Multisig documentation to be designed around Validator Sets 2022-07-20 06:45:11 +00:00			`Lets a validator vote on a set of keys for their validator set.`