Signing a Transaction
Signing a transaction for Flow is a multi-step process that can involve one or more accounts, each of which signs for a different purpose.
Signer Roles
- Proposer: the account that specifies a proposal key.
- Payer: the account paying for the transaction fees.
- Authorizers: zero or more accounts authorizing the transaction to mutate their state.
Proposal Key
Each transaction must declare a proposal key, which can be an account key from any Flow account. The account that owns the proposal key is referred to as the proposer.
A proposal key definition declares the address, key ID, and up-to-date sequence number for the account key.
_10{ _10 // other transaction fields_10 // ..._10 "proposalKey": {_10 "address": "0x01",_10 "keyId": 7,_10 "sequenceNumber": 42_10 }_10}
Sequence Numbers
Flow uses sequence numbers to ensure that each transaction executes at most once. This prevents many unwanted situations such as transaction replay attacks.
Sequence numbers work similarly to transaction nonces in Ethereum, but with several key differences:
- Each key in an account has a dedicated sequence number associated with it. Unlike Ethereum, there is no sequence number for the entire account.
- When creating a transaction, only the proposer must specify a sequence number. Payers and authorizers are not required to.
The transaction proposer is only required to specify a sequence number for a single account key, even if it signs with multiple keys. This key is referred to as the proposal key.
Each time an account key is used as a proposal key, its sequence number is incremented by 1. The sequence number is updated after execution, even if the transaction fails (reverts) during execution.
A transaction is failed if its proposal key does not specify a sequence number equal to the sequence number stored on the account at execution time.
Example
After the below transaction is executed,
the sequence number for Key 7
on Account 0x01
will increase to 43.
_11{ _11 // other transaction fields _11 // ... _11 "proposalKey": {_11 "address": "0x01",_11 "keyId": 7,_11 "sequenceNumber": 42_11 },_11 "payer": "0x02",_11 "authorizers": [ "0x01" ],_11}
Anatomy of a Transaction
Due to the existence of weighted keys and split signing roles, Flow transactions sometimes need to be signed multiple times by one or more parties. That is, multiple unique signatures may be needed to authorize a single transaction.
A transaction can contain two types of signatures: payload signatures and envelope signatures.
Payload
The transaction payload is the innermost portion of a transaction and contains the data that uniquely identifies the operations applied by the transaction. In Flow, two transactions with the same payload will never be executed more than once.
The transaction proposer and authorizer are only required to sign the transaction payload. These signatures are the payload signatures.
Authorization Envelope
The transaction authorization envelope contains both the transaction payload and the payload signatures.
The transaction payer is required to sign the authorization envelope. These signatures are the envelope signatures.
❗ Special case: if an account is both the payer and either a proposer or authorizer, it is required only to sign the envelope.
Payment Envelope
The outermost portion of the transaction, which contains the payload and envelope signatures, is referred to as the payment envelope.
Payer Signs Last
The payer must sign the portion of the transaction that contains the payload signatures, which means that the payer must always sign last. This allows the payer to ensure that they are signing a valid transaction with all of the required payload signatures.
Signature Structure
A transaction signature is a composite structure containing three fields:
- Address
- Key ID
- Signature Data
The address and key ID fields declare the account key that generated the signature, which is required in order to verify the signature against the correct public key.
Common Signing Scenarios
Below are several scenarios in which different signature combinations are required to authorize a transaction.
Single party, single signature
The simplest Flow transaction declares a single account as the proposer, payer and authorizer. In this case, the account can sign the transaction with a single signature.
This scenario is only possible if the signature is generated by a key with full signing weight.
Account | Key ID | Weight |
---|---|---|
0x01 | 1 | 1000 |
_19{ _19 "payload": {_19 "proposalKey": {_19 "address": "0x01",_19 "keyId": 1,_19 "sequenceNumber": 42_19 },_19 "payer": "0x01",_19 "authorizers": [ "0x01" ]_19 },_19 "payloadSignatures": [], // 0x01 is the payer, so only needs to sign envelope_19 "envelopeSignatures": [_19 {_19 "address": "0x01",_19 "keyId": 1,_19 "sig": "0xabc123"_19 }_19 ]_19}
Single party, multiple signatures
A transaction that declares a single account as the proposer, payer and authorizer may still specify multiple signatures if the account uses weighted keys to achieve multi-sig functionality.
Account | Key ID | Weight |
---|---|---|
0x01 | 1 | 500 |
0x01 | 2 | 500 |
_24{ _24 "payload": {_24 "proposalKey": {_24 "address": "0x01",_24 "keyId": 1,_24 "sequenceNumber": 42_24 },_24 "payer": "0x01",_24 "authorizers": [ "0x01" ]_24 },_24 "payloadSignatures": [], // 0x01 is the payer, so only needs to sign envelope_24 "envelopeSignatures": [_24 {_24 "address": "0x01",_24 "keyId": 1,_24 "sig": "0xabc123"_24 },_24 {_24 "address": "0x01",_24 "keyId": 2,_24 "sig": "0xdef456"_24 }_24 ]_24}
Multiple parties
A transaction that declares different accounts for each signing role will require at least one signature from each account.
Account | Key ID | Weight |
---|---|---|
0x01 | 1 | 1000 |
0x02 | 1 | 1000 |
_25{ _25 "payload": {_25 "proposalKey": {_25 "address": "0x01",_25 "keyId": 1,_25 "sequenceNumber": 42_25 },_25 "payer": "0x02",_25 "authorizers": [ "0x01" ]_25 },_25 "payloadSignatures": [_25 {_25 "address": "0x01", // 0x01 is not payer, so only signs payload_25 "keyId": 1,_25 "sig": "0xabc123"_25 }_25 ],_25 "envelopeSignatures": [_25 {_25 "address": "0x02",_25 "keyId": 1,_25 "sig": "0xdef456"_25 },_25 ]_25}
Multiple parties, multiple signatures
A transaction that declares different accounts for each signing role may require more than one signature per account if those accounts use weighted keys to achieve multi-sig functionality.
Account | Key ID | Weight |
---|---|---|
0x01 | 1 | 500 |
0x01 | 2 | 500 |
0x02 | 1 | 500 |
0x02 | 2 | 500 |
_35{ _35 "payload": {_35 "proposalKey": {_35 "address": "0x01",_35 "keyId": 1,_35 "sequenceNumber": 42_35 },_35 "payer": "0x02",_35 "authorizers": [ "0x01" ]_35 },_35 "payloadSignatures": [_35 {_35 "address": "0x01", // 0x01 is not payer, so only signs payload_35 "keyId": 1,_35 "sig": "0xabc123"_35 },_35 {_35 "address": "0x01", // 0x01 is not payer, so only signs payload_35 "keyId": 2,_35 "sig": "0x123abc"_35 }_35 ],_35 "envelopeSignatures": [_35 {_35 "address": "0x02",_35 "keyId": 1,_35 "sig": "0xdef456"_35 },_35 {_35 "address": "0x02",_35 "keyId": 2,_35 "sig": "0x456def"_35 },_35 ]_35}
Thanks for reading and happy hacking! 🚀