-
Notifications
You must be signed in to change notification settings - Fork 305
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
aecb67f
commit 17cfebf
Showing
1 changed file
with
82 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,83 @@ | ||
| # Threshold Custody Backend | ||
|
|
||
| This backend allows splitting the spend authority (the ability to *spend* funds) among multiple parties. | ||
| Each of these parties will have full viewing authority (the ability to decrypt and view the wallet's on-chain activity). | ||
|
|
||
| Threshold custody involves a certain number of parties, `N`, which each have a share, and a threshold `T`, denoting | ||
| the number of parties required to sign. | ||
| This is often referred to as an `(N, T)` threshold setup. | ||
|
|
||
| For example, a `(3, 2)` threshold setup would involve 3 people holding shares, with 2 of them required to sign. | ||
|
|
||
| At a high-level, using this backend involves: | ||
| 1. **(only once)** generating the split keys, either in a centralized or a decentralized manner, | ||
| 2. **(many times)** signing transactions by having the parties coordinate over a shared secure communication channel. | ||
|
|
||
| For signing, the parties will need to exchange messages to coordinate a threshold signature, and will need | ||
| some kind of secure channel to do that; for example, a Signal group. | ||
| This channel should: | ||
| - provide authenticity to each party sending messages in it, | ||
| - encrypt messages, preventing information about on-chain activity from leaking outside the signing parties. | ||
|
|
||
| This backend is only accessible from the command-line interface, `pcli`. | ||
|
|
||
| ## Key-Generation: Centralized | ||
|
|
||
| ``` | ||
| pcli init threshold deal --threshold <T> --home <HOME1> --home <HOME2> ... | ||
| ``` | ||
|
|
||
| This command will generate the key shares, and then write appropriate pcli configs to `<HOME1>/config.toml`, `<HOME2>/config.toml`, etc. | ||
| The number of parties is controlled only by the number of home directories passed to this command. | ||
| The threshold required to sign will be `<T>`. | ||
|
|
||
|
|
||
| ### Security | ||
|
|
||
| The computer running this command will have access to all the shares at the moment of generation. | ||
| This can be useful to centrally provision a threshold setup, but should be done on a secure computer | ||
| which gets erased after the setup has been performed. | ||
|
|
||
| ## Key-Generation: Decentralized | ||
|
|
||
| ``` | ||
| pcli init threshold dkg --threshold <T> --num-participants <N> | ||
| ``` | ||
|
|
||
| This command will generate the key shares in a decentralized manner. | ||
| Each party will run this command on the machine where they want their share to be. | ||
| The command will prompt them to communicate information with the other parties, | ||
| and to relay the information they've received back into it, before eventually | ||
| producing a key share, and writing it to the default home directory used by `pcli`. | ||
|
|
||
| This method is more secure, because no computer ever has full access to all shares. | ||
|
|
||
| ## Signing | ||
|
|
||
| For signing, one party must coordinate signing, and the other parties | ||
| will follow along and review the suggested transaction. | ||
|
|
||
| The coordinator will use `pcli` as they would with the standard single-party custody backend. | ||
| When it comes time for `pcli` to produce a signature, the command will then prompt the user | ||
| to communicate information with the other parties, and relay their response back, in order | ||
| to produce a signature. | ||
|
|
||
| The followers run a separate command to participate in signing: | ||
| ``` | ||
| pcli threshold sign | ||
| ``` | ||
| This will have them be prompted to input the coordinator's information, and will display | ||
| a summary of the transaction, which they should independently review to check that it's | ||
| actually something they wish to sign. | ||
|
|
||
| Note that only a threshold number of participants are required to sign, and any others do not | ||
| need to participate. So, for example, with a threshold of `2`, only one other follower beyond | ||
| the coordinator is needed, and additional followers *cannot* be used. | ||
|
|
||
| ## Communication Channel | ||
|
|
||
| The `dkg` and `sign` commands will spit out blobs of information that need to be relayed between | ||
| the participants securely. | ||
| And end-to-end example of how this process works is captured in this video: | ||
| https://twitter.com/penumbrazone/status/1732844637180862603 | ||
|
|