Authorization Schemes: Designing Protocols for Institutions To Operate On-Chain

Written by TJ

On May 3, 2022

One of the biggest challenges that large institutions face in onboarding to the blockchain is the issue of how to effectively manage billions of dollars worth of assets in an environment with no intermediaries, irreversible transactions, and a limited ability to accurately measure the risk of exploits. 

The protocols that nodes must follow in order to validate transactions on a blockchain exist to protect the finality of each entry, regardless of the intentions of the participants that created the entry.  In other words, a transaction initiated by a bad actor with signing authority, or an unauthorized withdrawal caused by a hacked wallet, will be recognized all the same by nodes that validate and confirm the entry into the blockchain, making these mistakes irreversible. 

Knowing this fact, it is imperative for companies seeking to adopt blockchain technology to establish protocols for managing the transfer of funds on-chain in order to ensure that every transaction that is confirmed on the blockchain is one that all participants involved consent to. 

This can be achieved through authorization schemes, a core feature of the Accumulate network that enables members within an organization to create highly customizable protocols for approving transactions and delegating permissions to members inside or outside of their organization.

This feature enables entities of any size to radically transform their approach to multi-party consensus and governance over all types of digital assets.  

Key Management & Authorization Schemes

The Accumulate key management system allows entities to generate multiple wallet keys that are linked to a decentralized digital identifier or ADI. Entities have access to a set of key books which reference multiple keys within a Key Page. Keys can be arranged based on a set priority. For example, you can create high-priority keys that are placed in cold storage for use in case your other keys are lost or compromised. 

In addition, each account or sub-identity on the Accumulate network can be designated a specific key page. You can have a key page consisting of keys for very important transactions such as moving funds on behalf of a DAO treasury of institutional clients and another key page for transactions of lower importance, such as testing newly deployed DeFi smart contracts.

Key Books can also allow ADIs to update their security settings to include multisig transactions (transactions that require 2 or more digital signatures), delegated transactions (transactions that can be initiated by an external authority based on 3rd party verification), managed transactions (transactions that include self-imposed limits on spending or frequency) or other conditions without having to touch high-priority keys, thereby maintaining the highest possible security standards and minimizing vulnerabilities. 

Accumulate's key management system makes it possible for entities to create single-signature or multi-signature authorization schemes. These are rules for determining the number of digital signatures required to validate transactions from an account, and can be especially useful for funds that are looking to custody billions of dollars worth of digital assets on-chain and need to establish a hierarchy of permissions for how to securely manage those assets.

Managing a Digital Asset Fund

Accumulate enhances the security for digital asset funds by not only enabling multiple parties to have authority over approving a transaction but also splitting up transactions into various types, such as data transactions and token transactions. This way, members can be assigned to transact only information such as documents or receipts, while other members can be assigned to transact stablecoins and cryptocurrencies, and others to transact tokenized assets or NFTs.  

This division of permissions makes the fund less vulnerable to major security breaches, as any given wallet that is hacked is only able to transact a certain type of asset and even still may not be able to do so without the digital signatures of other wallets. 

The fund could replace the members assigned to prior keys with new members (e.g., if a new executive or controller is added to the organization), or issue new keys and revoke access to old ones, all without needing to create a new ADI.

Delegated Transactions

Delegated transactions make it possible for entities to spend tokens based on external authorizations. This can be useful in cases where an entity needs verification from an external source before allowing members who hold certain keys to spend funds from their account. 

We can envision all kinds of innovative ways to customize authorization schemes using delegated transactions. For example, a fund could create an authorization scheme that only approves purchasing asset-backed tokens on the condition that professional auditors (represented as key holders or required co-signers within the authorization scheme) have certified on-chain that the tokens are in fact secured by the stated amount of real-world assets.

Such a use case could accelerate the adoption of tokenized real estate or tokenized commodity trading markets while giving auditing firms like Deloitte and PwC an opportunity to leverage their skillsets in a way that is familiar to them.
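The rules described in the fund and auditor scenarios above can be read as a single policy check. The following is an added conceptual model, not Accumulate's API or data structures: the `KeyPage` class, the `authorize` function and every key name are hypothetical, and signatures are assumed to have been cryptographically verified before the check runs.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class KeyPage:
    """Hypothetical key page: who may sign, for what, and under which limits."""
    keys: frozenset                      # key identifiers held by members
    threshold: int                       # signatures required (m-of-n)
    tx_types: frozenset                  # transaction types this page may authorize
    delegates: frozenset = frozenset()   # external co-signers that must all sign
    max_amount: Optional[int] = None     # managed per-transaction limit, None = none

def authorize(page, tx_type, amount, signers):
    """Return (allowed, reason); `signers` are ids with already-verified signatures."""
    signers = set(signers)
    if tx_type not in page.tx_types:
        return False, "transaction type not permitted for this key page"
    if page.max_amount is not None and amount > page.max_amount:
        return False, "amount exceeds managed spending limit"
    valid = signers & page.keys          # delegates never count toward the threshold
    if len(valid) < page.threshold:
        return False, f"need {page.threshold} signatures, have {len(valid)}"
    missing = page.delegates - signers
    if missing:
        return False, "missing delegated co-signer: " + ", ".join(sorted(missing))
    return True, "authorized"

# Constructed sample scheme for a fund; all names and amounts are made up.
TOKEN_PAGE = KeyPage(frozenset({"cfo", "controller", "treasurer"}), 2,
                     frozenset({"token"}), frozenset({"auditor"}), 1_000_000)
DATA_PAGE = KeyPage(frozenset({"analyst"}), 1, frozenset({"data"}))

def demo():
    """Walk through one compromised-key case per rule, then the approved case."""
    full = {"cfo", "controller", "auditor"}
    return [
        authorize(DATA_PAGE, "token", 500, {"analyst"}),          # data key, token tx
        authorize(TOKEN_PAGE, "token", 500, {"cfo"}),             # one stolen token key
        authorize(TOKEN_PAGE, "token", 500, {"cfo", "controller"}),  # no auditor
        authorize(TOKEN_PAGE, "token", 2_000_000, full),          # over the limit
        authorize(TOKEN_PAGE, "token", 500, full),                # all rules satisfied
    ]

if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```
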

Multisig & Delegated Authorization Schemes for Fortune 500 Companies

Another way to leverage multi-sig and delegated transactions is to split up the management of funds for a project to different stakeholders who are responsible for allocating funds to a particular area. 

This could be particularly useful for managing budgets across large organizations, such as a non-profit, a Fortune 500 company, or even a government entity. 

With delegated transactions, the ADI that custodies the funds and the ADI that has authority to sign off on the transactions can belong to different individuals or entities. 

In a corporation, this design can enable executive teams to sign transactions for wallets belonging to the marketing or product team, allowing them to spend a certain amount of money based on objective KPIs. 

Delegated transactions could also be used cross-departmentally, allowing the product and marketing teams to hold each other accountable for their budgets by delegating the signature authorities for each department to executives belonging to the other department. Such a design could be used to more effectively align incentives amongst teams that may be outsourced or operating with flatter, more decentralized organizational structures. 

Each team would have custody of another team’s budget while being beholden to a different team and required to meet certain KPIs in order to spend their own budget. This could promote cross-team collaboration and align incentives without the need of a central authority having to mediate and create KPIs that might not accurately reflect the capabilities of the team. 

Let’s take an example of a Fortune 500 company that chooses to shift its employee budgeting system onto the Accumulate network. Each department and stakeholder would be represented as an ADI, with various sub-identities for different roles within a department and key books to manage funds dispersed throughout the organization:

Using multi-sig and delegated authorization schemes, company teams can manage each other's budgets and hold each other accountable for KPIs in the following way:

  • CEO & Board hold signing authority for the executive team’s budget (KPIs: revenue, headcount)
  • Executive team and sales team hold signing authority for marketing’s budget (KPIs: website rankings, sign-ups)
  • Executive team and engineering team hold signing authority for product’s budget (KPIs: # of product releases, time to deployment)
  • Executive team and marketing hold signing authority for sales’ budget (KPIs: opportunities, ARR)
  • Executive team and product hold signing authority for engineering’s budget (KPIs: code shipped, bug fixes)
  • Executive team, engineering and marketing hold signing authority for HR’s budget (KPIs: headcount, employee retention)
    • Teams can rotate signing authority based on the hiring needs of the company

Delegated and Managed transactions for funding Web3 projects 

Another area where authorization schemes could be applied is in creating more transparent systems for funding web3 projects and managing treasuries.   

Multisig wallets could be created that require the digital signatures of a member of the development team, a member of the VC fund that provided the initial capital, as well as an elected representative from the project’s community before token transactions above a certain threshold could be spent.

Using Accumulate's managed transactions feature, projects could grant community representatives control over spending amount or frequency limits for certain expenses such as paying for token giveaways, events, or development proposals.

Spending limits could also be tied to specific project KPIs like TVL, transaction fees, etc.

Conclusion

Authorization schemes are designed to help organizations improve the security and efficiency of managing digital assets and high-value data by implementing rules for who can authorize what type of transactions, how much can be transacted, how frequently, and many other options. 

The end result is a trustless approach to transacting that enables participants to be bound by rules written into computer code, similar to how blockchain nodes are bound by the rules of their particular consensus mechanism when validating transactions. 

When authorization schemes are applied, all validated transactions that are added to a block can be traced back to not only the sender and receiver but also the set of rules that each participant was bound to when performing the transaction. 

This makes it more difficult for fraud or mistakes to occur that are then permanently imprinted on the blockchain. 

Ultimately, Accumulate is leveraging authorization schemes to enable large institutions to manage billions of dollars worth of assets on-chain in a manner that is more trustless and transparent while still maintaining a high degree of safety and security through the use of tamper-proof protocols for transaction authorization.
