Multisigs, Saturn, & Account Unification
As the number of blockchains continues to grow, the user experience is becoming increasingly fragmented for both individual and collective token management.
The Saturn multisig is a powerful new protocol, built on InvArch Network, that is poised to bring about a step change improvement in ease of use and flexibility in on-chain asset handling. But what is a multisig and why is Saturn so unique?
Let’s explore.
“Not Your Keys, Not Your Coins”
An often misunderstood aspect of blockchains is that tokens are not stored in wallets (like MetaMask, Nova, Talisman, Phantom, Keplr, Core, etc.). Instead, they exist in accounts that are recorded on a blockchain’s ledger, which is collectively maintained and updated by its validators (or miners). What is stored in a wallet is just a unique series of letters and numbers, known as a “private key”, that grants those who know it the right to send tokens from or make other changes to its corresponding account on the blockchain.
In addition to securely storing these alphanumeric strings, wallets provide simple UIs that make it easy for users to approve transactions from their accounts (without revealing their private keys). After these transaction requests are cryptographically signed and transmitted to the network, validators check that they were valid (signed with the correct key, had enough tokens, etc.) and then they collectively update the state of that account (and whichever others it interacted with) on the ledger.
What is a Multisig?
While it is typical for a single private key to control an account, it’s extremely useful to be able to set up an account that requires approval from multiple private keys. Such a system is called a multisig (short for multisignature account/wallet). There are two distinct use cases that multisigs typically serve: enhanced security for individuals and collective asset management.
The reason that multisigs can be useful for individuals is that a thief would have to steal more than one of their private keys, which can (and should) be stored in separate locations. While this does provide significantly stronger security, signing every transaction from multiple wallets is a bit of a logistical headache. As a result, individual use of multisig wallets makes more sense for long term storage than day to day use.
Far more commonly, multisigs are used for multi-party ownership and co-management of crypto assets. As with individuals, having a different person custody each key for a multisig enhances security since multiple members would have to lose their private key or have it stolen for assets to be at risk. Even more importantly, the requirement for a sufficient threshold of co-owners to agree before transactions are initiated means that multisigs can serve as a robust foundation for rule-based democratic oversight of commonly held assets.
The number of members in a multisig can vary (as can the number of signatures required for approval), which allows for different use cases and security profiles. For instance 2/2 multisigs require both signers to confirm a transaction for it to be approved, but 5/9 multisigs require a majority of the 9 eligible private keys to approve transactions (and a 67/100 multisig requires a 2/3 supermajority).
Common use cases for multisigs include asset custody, active investment (trading, lending, etc.), and voting (with the members’ commonly held tokens or as a voting block that others delegate to). Additionally, multisigs are often used to securely custody the keys for upgrading smart contracts, bridges, or even some networks.
Current Offerings
There is a range of multisigs products on the market, but the largest by far is Safe. Formerly known as Gnosis Safe, it is a smart contract-based multisig wallet for Ethereum and other EVM networks (currently 14 are supported). The recently launched Safe{Core} SDK allows developers to build custom user interfaces that leverage modular features, such as wallet-free logins (using email or social media accounts), alternative fee tokens, transaction sponsoring, and fiat on-ramp integrations. Using these “account abstraction” features, Safe{Recovery Hub} is now supporting a range of optional account recovery models where designated “recoverers” (friends, family, hardware wallets, or centralized custodians) initiate a review period (which users can cancel if fraudulent) that eventually leads to an account recovery event.
While powerful, there are some limitations to Safe. In order to enable the use of Safe with existing dapps, an app store has been created right inside of the Safe application — however each dapp needs to be integrated directly. Safe also allows for the signers to be updated (by removing or adding based on the approval of existing members), however these changes are chain-specific since each Safe account is a single chain deployment. This is the largest shortcoming with Safe (and all smart-contract based multisigs): they are deployed on a single chain and thus multiple separate multisigs are necessary if users want to manage assets across different networks.
Multix, Polkasafe, and Nova Spektr are multisigs in the Polkadot ecosystem which all have different pros and cons, but — like Safe — they are single chain deployments. As a result, they provide a somewhat fragmented experience for groups that are trying to manage assets across more than one parachain/relay chain (though Nova Spektr does a great job of abstracting away the complexities of having multiple deployments in the UI). Additionally, Multix and Polkasafe don’t supports the full range of Polkadot networks yet and all three of these platforms are limited to the Polkadot ecosystem.
Fireblocks is a centralized multisig solution that does allow assets on different networks to be owned and managed from one account. However, while Fireblocks cannot steal users assets, it is necessary for users to access them so it being shut down would result in the permanent loss of those tokens. Additionally, the platform has to have integrated a chain for users to manage assets on it and Fireblocks charges very very large fees for these integrations.
To summarize, the limitations of current multisig solutions include:
- A fragmented UX due to single chain deployments and compatibility with only certain ecosystems
- It is costly and complex to modify the members when there are many deployments across different chains
- Most have a very limited number of signers that can share a multisig
- Interacting with dapps or doing complex transaction flows is often very difficult
- The only multisig that supports cross-ecosystem asset management (Fireblocks) has other drawbacks: centralization risk and cost
Saturn
Saturn is a new multi-party asset management protocol that is built on InvArch Network (a Polkadot parachain) and Tinkernet (a Kusama parachain). While it is not technically a multisignature wallet, it serves all of the same functions (and many more).
Unlike Fireblocks, Saturn will enable non-custodial multichain asset management. Regardless of whether it is used by individuals, communities, or large organizations, Saturn will provide a single unified account from which they can manage all of their assets. Chains, bridges between networks, and gas fees will all be abstracted away and hidden from users, greatly simplifying the user experience.
Initially, Saturn will start out as a solution for the Polkadot and Kusama ecosystems, but it will support all chains in the future (without complex or costly integrations). This will be enabled by a multi-party computation framework that InvArch (and Tinkernet) collators manage via a threshold signature scheme. Ignoring the technical jargon, what this means is that accounts on other chains (Bitcoin, Ethereum, Solana, Cosmos, etc.) will be operated by the InvArch network as a whole, and secured by Polkadot.
There will be a Saturn SDK that teams can use to integrate with Saturn directly, but the Saturn Gateway will be a sleek application where groups can manage assets across every chain - all in a single place. The Saturn Gateway will also include a UI for building reusable bundles of transactions that users expect to use again in the future. Not only does this avoid the hassle of reconstructing the workflow multiple times, but other mutisig members will only need to sign once to approve the entire bundle of transactions rather than each individual step.
Saturn will also improve the user experience with regard to transaction fees, member management, and account formats. For instance, users can enable gasless transactions by staking VARCH tokens (or TNKR on Tinkernet), but they can also just choose to pay in VARCH or DOT (TNKR or KSM on Kusama).
To simplify onboarding, users will also be able to create keyless accounts using the email and a password. Alternatively, NFTs can be multisig members, which allows them to be moved between a user’s accounts, given away, or even sold on the open market.
Furthermore, it will be possible for members to dynamically add and remove members, based on governance votes. If, for instance, a member loses access to their wallet, they can just ask the other members of the DAO to vote the remove their old account and add their new one. Unlike with other multisigs, however, this would only have to be done once (regardless of the number of chains that they manage tokens on).
A Foundation for DAOs
While Saturn will be a greatly improved multisig solution, what is most notable about it is that it will serve as an extremely powerful foundation for DAOs to be built on.
Saturn will be able to support an arbitrarily large number of multisig (and thus DAO) members. InvArch will support flexible governance frameworks and customizable roles with fine-grained permissions for individuals of groups of members. As a result, DAOs be organized into subDAOs (which could be subdivided further into nested subDAOs) that each have defined members with distinct permissions, such as oversight of sub-treasuries.
Since NFTs are able to be multisig members and Saturn supports unified omni-chains accounts, the owners of NFT collections on any network will suddenly be able to operate as DAOs (with powerful, flexible governance systems). Through integrations with other parachains, like Phala Network, DAOs will also be able to manage Discord servers and web2 accounts. Additionally, GitArch will allow DAOs to co-own git repos and democratically manage open source code projects.
Overall, Saturn seems poised to bring about a dramatically improved user experience for collective (or personal) asset management. Most of the use cases for multisigs will benefit from additional DAO capabilities, but the powerful features that InvArch enables will go far beyond improving asset management and super charge on-chain organizations of all types.