Threshold Signatures for Cardano Wallets

[GENERAL] Name and surname of main applicant

Dylan Crocker

[GENERAL] Email address of main applicant

dylan@viperscience.com

Additional applicants

Willie Marchetto

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

12

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language.

No

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

No

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.” .

No dependencies.

[GENERAL] Will your project’s output/s be fully open source?

Yes

[GENERAL] If NO, please describe which outputs are not going to be open source. If YES, please write “Project will be fully open source.”

Project will be fully open source.

[METADATA] Category of proposal

Wallet

[IMPACT] Please describe your proposed solution.

Threshold signatures are a cryptographic technique where a group of participants collaboratively create a signature without relying on a single individual's private key. It enhances security and resilience. Participants each hold a share of the private key and combine them to generate a valid signature. Threshold signatures offer distinct advantages over both single-key signatures and multi-signature scripts in the context of a blockchain application. A great introduction may be found in the Coinbase blog article on threshold signatures.

Compared to single-key signatures, threshold signatures enhance security and resilience. With a single key, if it is compromised or lost, the entire system's security is jeopardized. In contrast, threshold signatures distribute the signing authority among multiple participants, each holding a share of the private key. This means that even if some participants' key shares are compromised or unavailable, as long as the required threshold number of participants is active, a valid signature can still be generated. This significantly reduces the risk of a single point of failure and improves the overall security of the blockchain system.

Additionally, compared to multi-signature scripts, threshold signatures offer advantages in terms of efficiency and scalability. In a multi-signature scheme, each transaction input requires multiple signatures, resulting in larger and more complex transactions. In contrast, threshold signatures allow for a single aggregated signature to represent the combined authorization of multiple participants. This results in smaller blockchain transactions, reduces transaction fees, and improves the overall efficiency of the blockchain network.

By combining enhanced security and resilience with improved efficiency and scalability, threshold signatures provide a compelling solution for blockchain applications, addressing the limitations of both single-key signatures and multi-signature scripts. They offer increased security against key compromise and enable more streamlined and cost-effective transaction processing on the blockchain.

Threshold signatures can be implemented using the same underlying cryptographic algorithm as Cardano's default Ed25519 signatures. Ed25519 is a widely used and well-regarded elliptic curve algorithm known for its efficiency and security. Threshold signatures can be constructed using Ed25519 keys, making them compatible with the existing infrastructure of the Cardano blockchain. Moreover, the verification algorithm for threshold signatures remains the same as the standard Ed25519 signature verification algorithm. This compatibility simplifies the integration of threshold signatures into the Cardano ecosystem, allowing for enhanced security and resilience without requiring changes to the underlying verification mechanisms.

Our proposed solution involves implementing the necessary threshold signature tooling to generate signatures that are compatible with Cardano wallets. We will leverage the existing Ed25519 signature capabilities of our C++ library Viper25519. The Viper25519 toolset will be expanded to include the required functionalities for key splitting and generating valid signatures from a subset of keys (M of N sub-keys, where M is less than or equal to N). These threshold signatures will be verifiable using the standard Ed25519 signature verification, ensuring compatibility with the Cardano blockchain. To validate the functionality, we will create a CLI tool that can generate a split key, corresponding public key, payment address, and perform transaction building and signing. It's important to note that this tool will not include a secure messaging protocol for multiple users to combine signatures. The entire codebase will be open source.

[IMPACT] How does your proposed solution address the challenge and what benefits will this bring to the Cardano ecosystem?

This project will provide product developers coming to the Cardano ecosystem with verified tooling and reference implementations upon which to build secure dApps and other integrations using threshold signature technology. Threshold signatures represent an advancement over multi-signature scripts when multi-factor authentication is desired for enhanced security. The availability of such tooling will make Cardano an attractive candidate to builders.

[IMPACT] How do you intend to measure the success of your project?

Success for this project will be measured by the ability to showcase successful transactions on the Cardano testnet using a threshold signature wallet. A further metric will be potential follow on projects that will rely on the successful completion of the proposed tooling.

[IMPACT] Please describe your plans to share the outputs and results of your project?

The project code will be open-source and available on the Viper Science Gitlab and Github pages. Details of the project will be documented in a blog post and shared via the Viper Science social media outlets.

[CAPABILITY/ FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability?

The Viper Science team has been an active contributor to the Cardano community for over four years. In addition to operating stake pools since the Incentivized Testnet, we have developed several open source tools for Cardano developers and SPOs. Three of these projects have been successfully funded through Catalyst in the past:

• Cardano-Tools Python Library (https://projectcatalyst.io/funds/8/f8-open-source-development-ecosystem/cardano-tools-python-library) 
• Cardano development library in C++ (https://projectcatalyst.io/funds/8/f8-open-source-development-ecosystem/cardano-development-library-in-c)
• API for Multi-Delegation Portfolios (https://projectcatalyst.io/funds/6/f6-dapps-and-integrations/api-for-multi-delegation-portfolios) 

A complete list of our contributions can be found at https://viperscience.com/. Additionally, our team has the domain expertise required to be successful with the proposed work, as we have already laid out much of the groundwork in our Viper25519 project. Details about the team members’ technical backgrounds are included below.

[CAPABILITY/ FEASIBILITY] What are the main goals for the project and how will you validate if your approach is feasible?

The feasibility of this project will be determined with an in-depth literature survey, which is already underway and has determined feasibility with enough certainty to implement this proposal.

The main goal of this project is to develop tooling to compute threshold signatures compatible with Cardano wallets. The capability will be verified by successful transactions between threshold and non-threshold wallets on the Cardano testnet.

[CAPABILITY/ FEASIBILITY] Please provide a detailed breakdown of your project’s milestones and each of the main tasks or activities to reach the milestone plus the expected timeline for the delivery.

The milestone timelines are decoupled from the hourly price in ADA since it is assumed development will not be full time due to staff allocations. Please see the budget breakdown for estimated hours per task.

Milestone 1 - Direct Key Splitting and Signature [20 weeks, 27,390 ADA]

Implement functionality to split an extended Ed25519 key into multiple sub keys, generate a signature with all sub keys, and finally verify the signature against the public key corresponding to the original private key.

1. Algorithm to split an Ed25519 private key into multiple shares. [8 weeks]
2. Elliptic curve functionality for signature steps and value sharing. [8 weeks]
3. Signature combination and verification. [4 weeks]

Milestone 2 - Shamir Secret Sharing [20 weeks, 18,260 ADA]

Implement Shamir Secret Sharing functionality to split a private key into N sub-keys and set a threshold of M sub-keys required to create a valid signature (M <= N). Generate signatures and test validity.

1. Lagrange polynomial functionality implementation for secret share generation. [8 weeks]
2. Modification of signature steps to include the polynomial coefficients. [8 weeks]
3. Signature combination and verification. [4 weeks]

Milestone 3 - CLI Tool and Testnet Transaction [12 weeks, 9,130 ADA]

With the initial infrastructure built and tested, create a simple CLI tool that will enable a user to test the functionality by generating split keys and creating signatures from those keys. Use the tool to automate test transactions on the Cardano testnet.

1. CLI tool creation exposing the functionality completed at earlier milestones. [6 weeks]
2. Scripts to generate and validate testnet transactions. [6 weeks]

[CAPABILITY/ FEASIBILITY] Please describe the deliverables, outputs and intended outcomes of each milestone.

Milestone 1

• Deliverables: Direct key splitting and signatures.
• Outputs: Open source code pushed to the public repository including passing test cases.
• Intended outcomes: At this stage, the code for direct key splitting and threshold signatures will be complete and a high degree of confidence in the eventual success of the project will be achieved.

Milestone 2

• Deliverables: Shamir Secret Sharing.
• Outputs: Open source code pushed to the public repository including passing test cases.
• Intended outcomes: At this stage, the code for all intended functionality will be complete and in a simple to use form (a library). The code will be ready for integration with tooling for the final milestone.

Milestone 3

• Deliverables: Threshold signature CLI tool and example testnet transactions.
• Outputs: Open source repository of the CLI tool. Documentation of the testnet transactions and example scripts.
• Intended outcomes: Display project success and provide tooling to the community.

[RESOURCES & VALUE FOR MONEY] Please provide a detailed budget breakdown of the proposed work and resources.

The project team consists of engineers with advanced degrees, each with over ten years of professional experience developing and building complex systems in research & development environments. As a baseline labor rate, we are using a relatively conservative rate of $63.91, which is the mean hourly wage for software developers in the US according to the US Bureau of Labor Statistics.

Budget breakdown:

• Labor ($15,338.40):
• Milestone 1: 120 hours
• Milestone 2: 80 hours
• Milestone 3: 40 hours
• Materials ($0): 
• No materials required

Assumed $/ada exchange rate: $0.28

Total project cost: 54,780 ADA

[RESOURCES & VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

Investing in this R&D effort will provide Cardano developers access to a reference implementation of advanced cryptographic primitives that provide increased application security and decentralization. Therefore it is our belief that the project cost represents excellent value for money for the Cardano ecosystem for the following key reasons: 

• Advanced cryptographic protocols attract developers who require enhanced security. Developers are already drawn to Cardano for its high assurance code base and security features. Threshold signatures pair well with Cardano’s security-focused milieu.
• Threshold signatures for extended Ed25519 keys enhance security for dApps and wallets by requiring multiple parties to create a valid signature (multi-factor authentication).
• Threshold signatures reduce transaction bloat and validation steps (CPU processing time). While such improvements may be marginal, they become significant when considering billions of transactions.

[IMPORTANT NOTE] The Applicant agreed to Fund10 rules and also that data in the Submission Form and other data provided by the project team during the course of the project will be publicly available.

I Accept