Stop using "legally-Identifiable" signatures for the notary protocol, as notary nodes will use their service identity to sign (and not the legal one). It also doesn't make sense to attach an identity on the signature if it's a group identity and the signer holds only 1 out of many keys.

core/src/main/kotlin/net/corda/protocols/AbstractStateReplacementProtocol.kt

@@ -105,7 +105,7 @@ abstract class AbstractStateReplacementProtocol<T> {
         }
 
         @Suspendable
-        private fun getNotarySignature(stx: SignedTransaction): DigitalSignature.LegallyIdentifiable {
+        private fun getNotarySignature(stx: SignedTransaction): DigitalSignature.WithKey {
             progressTracker.currentStep = NOTARY
             return subProtocol(NotaryProtocol.Client(stx))
         }

core/src/main/kotlin/net/corda/protocols/NotaryProtocol.kt

@@ -22,7 +22,7 @@ object NotaryProtocol {
      *                         by another transaction or the timestamp is invalid.
      */
     open class Client(private val stx: SignedTransaction,
-                      override val progressTracker: ProgressTracker = Client.tracker()) : ProtocolLogic<DigitalSignature.LegallyIdentifiable>() {
+                      override val progressTracker: ProgressTracker = Client.tracker()) : ProtocolLogic<DigitalSignature.WithKey>() {
 
         companion object {
 
@@ -36,7 +36,7 @@ object NotaryProtocol {
         lateinit var notaryParty: Party
 
         @Suspendable
-        override fun call(): DigitalSignature.LegallyIdentifiable {
+        override fun call(): DigitalSignature.WithKey {
             progressTracker.currentStep = REQUESTING
             val wtx = stx.tx
             notaryParty = wtx.notary ?: throw IllegalStateException("Transaction does not specify a Notary")
@@ -56,7 +56,7 @@ object NotaryProtocol {
         }
 
         @Throws(NotaryException::class, IllegalStateException::class)
-        private fun validateResponse(response: UntrustworthyData<Result>): DigitalSignature.LegallyIdentifiable {
+        private fun validateResponse(response: UntrustworthyData<Result>): DigitalSignature.WithKey {
             return response.unwrap { notaryResult ->
                 progressTracker.currentStep = VALIDATING
                 when (notaryResult) {
@@ -74,8 +74,8 @@ object NotaryProtocol {
             }
         }
 
-        private fun validateSignature(sig: DigitalSignature.LegallyIdentifiable, data: ByteArray) {
+        private fun validateSignature(sig: DigitalSignature.WithKey, data: ByteArray) {
-            check(sig.signer == notaryParty) { "Notary result not signed by the correct service" }
+            check(sig.by in notaryParty.owningKey.keys) { "Invalid signer for the notary result" }
             sig.verifyWithECDSA(data)
         }
     }
@@ -140,11 +140,9 @@ object NotaryProtocol {
             }
         }
 
-        private fun sign(bits: ByteArray): DigitalSignature.LegallyIdentifiable {
+        private fun sign(bits: ByteArray): DigitalSignature.WithKey {
-            val myNodeInfo = serviceHub.myInfo
-            val myIdentity = myNodeInfo.notaryIdentity
             val mySigningKey = serviceHub.notaryIdentityKey
-            return mySigningKey.signWithECDSA(bits, myIdentity)
+            return mySigningKey.signWithECDSA(bits)
         }
     }
 
@@ -153,7 +151,7 @@ object NotaryProtocol {
 
     sealed class Result {
         class Error(val error: NotaryError): Result()
-        class Success(val sig: DigitalSignature.LegallyIdentifiable) : Result()
+        class Success(val sig: DigitalSignature.WithKey) : Result()
     }
 
 }

core/src/main/kotlin/net/corda/protocols/TwoPartyDealProtocol.kt

@@ -41,7 +41,7 @@ object TwoPartyDealProtocol {
     // This object is serialised to the network and is the first protocol message the seller sends to the buyer.
     data class Handshake<out T>(val payload: T, val publicKey: PublicKeyTree)
 
-    class SignaturesFromPrimary(val sellerSig: DigitalSignature.WithKey, val notarySig: DigitalSignature.LegallyIdentifiable)
+    class SignaturesFromPrimary(val sellerSig: DigitalSignature.WithKey, val notarySig: DigitalSignature.WithKey)
 
     /**
      * [Primary] at the end sends the signed tx to all the regulator parties. This a seperate workflow which needs a
@@ -160,7 +160,7 @@ object TwoPartyDealProtocol {
         }
 
         @Suspendable
-        private fun getNotarySignature(stx: SignedTransaction): DigitalSignature.LegallyIdentifiable {
+        private fun getNotarySignature(stx: SignedTransaction): DigitalSignature.WithKey {
             progressTracker.currentStep = NOTARY
             return subProtocol(NotaryProtocol.Client(stx))
         }
@@ -172,7 +172,7 @@ object TwoPartyDealProtocol {
 
         @Suspendable
         private fun sendSignatures(allPartySignedTx: SignedTransaction, ourSignature: DigitalSignature.WithKey,
-                                   notarySignature: DigitalSignature.LegallyIdentifiable): SignedTransaction {
+                                   notarySignature: DigitalSignature.WithKey): SignedTransaction {
             progressTracker.currentStep = SENDING_SIGS
             val fullySigned = allPartySignedTx + notarySignature
 

finance/src/main/kotlin/net/corda/protocols/TwoPartyTradeProtocol.kt

@@ -55,7 +55,7 @@ object TwoPartyTradeProtocol {
     )
 
     data class SignaturesFromSeller(val sellerSig: DigitalSignature.WithKey,
-                                    val notarySig: DigitalSignature.LegallyIdentifiable)
+                                    val notarySig: DigitalSignature.WithKey)
 
     open class Seller(val otherParty: Party,
                       val notaryNode: NodeInfo,
@@ -90,7 +90,7 @@ object TwoPartyTradeProtocol {
         }
 
         @Suspendable
-        private fun getNotarySignature(stx: SignedTransaction): DigitalSignature.LegallyIdentifiable {
+        private fun getNotarySignature(stx: SignedTransaction): DigitalSignature.WithKey {
             progressTracker.currentStep = NOTARY
             return subProtocol(NotaryProtocol.Client(stx))
         }
@@ -142,7 +142,7 @@ object TwoPartyTradeProtocol {
 
         @Suspendable
         private fun sendSignatures(allPartySignedTx: SignedTransaction, ourSignature: DigitalSignature.WithKey,
-                                   notarySignature: DigitalSignature.LegallyIdentifiable): SignedTransaction {
+                                   notarySignature: DigitalSignature.WithKey): SignedTransaction {
             progressTracker.currentStep = SENDING_SIGS
             val fullySigned = allPartySignedTx + notarySignature
 

node/src/test/kotlin/net/corda/node/services/NotaryServiceTests.kt

@@ -5,8 +5,8 @@ import net.corda.core.contracts.DummyContract
 import net.corda.core.contracts.StateAndRef
 import net.corda.core.contracts.StateRef
 import net.corda.core.contracts.TransactionType
-import net.corda.core.node.services.ServiceInfo
 import net.corda.core.crypto.DigitalSignature
+import net.corda.core.node.services.ServiceInfo
 import net.corda.core.seconds
 import net.corda.core.transactions.SignedTransaction
 import net.corda.core.utilities.DUMMY_NOTARY
@@ -108,7 +108,7 @@ class NotaryServiceTests {
     }
 
 
-    private fun runNotaryClient(stx: SignedTransaction): ListenableFuture<DigitalSignature.LegallyIdentifiable> {
+    private fun runNotaryClient(stx: SignedTransaction): ListenableFuture<DigitalSignature.WithKey> {
         val protocol = NotaryProtocol.Client(stx)
         val future = clientNode.services.startProtocol(protocol)
         net.runNetwork()

node/src/test/kotlin/net/corda/node/services/ValidatingNotaryServiceTests.kt

@@ -78,7 +78,7 @@ class ValidatingNotaryServiceTests {
         assertEquals(setOf(expectedMissingKey), missingKeys)
     }
 
-    private fun runClient(stx: SignedTransaction): ListenableFuture<DigitalSignature.LegallyIdentifiable> {
+    private fun runClient(stx: SignedTransaction): ListenableFuture<DigitalSignature.WithKey> {
         val protocol = NotaryProtocol.Client(stx)
         val future = clientNode.services.startProtocol(protocol)
         net.runNetwork()