Open source: Distributed Key Signing SDK for Cardano Wallet

[GENERAL] Name and surname of main applicant

Billy Pham

[GENERAL] Email address of main applicant

sisu.team2020@gmail.com

Additional applicants

1. Huy Nguyen (engineer)
2. Dat Le (engineer)
3. Steven Nguyen - Community Leader and Marketing Lead. Email: steven@sisu.network

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

4

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language.

No

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

No

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.” .

No dependencies

[GENERAL] Will your project’s output/s be fully open source?

Yes

[GENERAL] If NO, please describe which outputs are not going to be open source. If YES, please write “Project will be fully open source.”

Project will be fully open source.

[METADATA] Category of Proposal

Dev Tools, API or Library

[METADATA] SDG rating

SDG 9: Build resilient infrastructure, promote inclusive and sustainable industrialization and foster innovation

This proposal is to promote use of multi-party signing for Cardano nodes and wallets to enhance security of the ecosystem. 

SDG Subgoals 

• Enhance overall security for the Cardano ecosystem
• Keep the project open source 100% from start to beginning 
• Provide an easy to use interface and binary for developers to deploy on their own infrastructure 
• No private key or secret is leaked through the signing process

[IMPACT] Please describe your proposed solution.

The defined problem: 

• Each Cardano transaction requires a private key to sign and securing this private key is a daunting task. 
• While Cardano transaction supports multisig through multi witnesses, it has a few problems:
• It requires multiple signatures per transaction and hence increases transaction cost and take more spaces from 16kb limit 
• It’s not fault tolerant. If one of the signers is offline, the transaction fails to sign. 

This proposal proposes a better way to approach multi party signers by leveraging Threshold Signature Scheme. Its main benefits are:

• Break a private key into N party, each is held by a participating party. No single party can know the secret of the private key of the group (No Single point failure) 
• It always produces one signature, no matter how many parties participate. (Single signature, no transaction overhead).
• It requires only (t + 1) out of N to sign a transaction (t is usually about ⅔ of N). This means if some nodes are offline but there are still at least t+1 online nodes, the group is still capable of signing a transaction (disaster tolerant).

We aim to make this as an open source SDK so that any Cardano team can deploy it as an independent service on their server. Their main app will communicate with this key signing service through JSON RPC without knowing how it works underneath. 

We will leverage the recent research in multi party signing to allow distributed key signing on Cardano. Cardano uses the EDDSA signature scheme for its transactions. This scheme has a number of advantages compared ECDSA when it comes to distributed signing.

----------

The proposed solution:

The high level idea of Threshold Signature Scheme sTSS is to break a single private key (unknown to everyone) into multiple parts, each is kept by a single validator. When a transaction needs to be signed, all validators participate into the signing process and produce a unique signature for a transaction. 

Each signing requires any (t + 1) out of N nodes to sign with this number t configurable by the group (usually it’s set to ⅔ of N). This allows some nodes to go offline while not blocking the group from signing. 

There are 2 phases in the signing process:

1. Setup (once): Each node in a group generates a secret and exchanges some cryptographic proof with each other. 
2. Signing (multiple times): the signing of a message goes through several steps:
3. A leader of the group is selected based on the hash of the message. 
4. The leader picks up (t+1) out of N nodes through a deterministic algorithm
5. The nodes exchange cryptographic messages with each other, and each will create a “fraction” of the final signature. 
6. At the end, all signature “fractions” are created and combined to create a final signature

—-------

Project end-users aim:

The final signature looks exactly the same as if it is produced from a single private key. This allows nodes or wallet’s owner to make a seamless transition from single private key signing to multi-party signing without major change in their system.

This signing node will be built into a micro-service and any application can request a signature through JSON RPC interface. 

[IMPACT] How does your proposed solution address the challenge and what benefits will this bring to the Cardano ecosystem?

We will address the challenge OSDE: Open Source Dev Ecosystem in the following ways:

• Leverage Threshold Signature Scheme to allow distributed key signings while producing only a single signature per transaction. 
• The final signature looks like it is produced from a single private key. This allows dev teams to make a smooth transition from single private key to multi sign.
• This could run as an independent service and allows any app to hook to use without any major change in their system. 
• The SDK is easy to use, open source with MIT license. Anyone can use it and adapt for their needs.

[IMPACT] How do you intend to measure the success of your project?

Quantitative metrics:

• Github: The number of stars and forks on github.
• Developer Adoption: the number of Cardano teams that use our repos or binary. 
• Open source contribution: the number of Cardano developers (outside our team) who contribute or file issues on the repos. 

Qualitative metrics:

• Evaluation through peer reviews

[IMPACT] Please describe your plans to share the outputs and results of your project?

The project will be 100% open source on Github and anyone can see and track the progress of the team. 

The results and progresses will be shared through following channels:

• Cardano forums: we will announce any major milestones of the project to Cardano forum
• Cardano meetings and conference: we will be present at local Cardano meetings and share with community members any updates from our work. This promotes the use of open source to anyone who are interested in knowing about tools and Cardano as a general.

[CAPABILITY/ FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability?

The tech lead of the project, Billy Pham, has more than 10 years of experience in Silicon Valley and has worked for multiple companies, from Google, Addepar to startups in San Francisco. He has a deep understanding of blockchain technology down to the cryptography level. 

He demonstrated his capability by building a decentralized bridge on Ethereum, Solana, Avalanche using similar technologies. Billy is well-versed for building distributed key signings for Cardano transactions. 

The other 2 people in the team are great talents who wrote papers in their college and competed at ACM ICPC at multiple levels. 

To ensure proper fund management and transparency:

• Detailed budgeting: we will provide itemized budgeting of how fund is allocated 
• Reporting: Regular update of how the fund is used will be posted to the Cardano community. 
• Open progress tracking: anyone can track our progress on Github to and try our final output to track our progress.

[CAPABILITY/ FEASIBILITY] What are the main goals for the project and how will you validate if your approach is feasible?

Our main goals of the project is as follows:

• Promote the use of multi-party signature: Multi party signing is more secure than using a single private key. We hope that with our easy to use SDK, more and more Cardano team will adopt to use multi party signature for their product
• Enhance Cardano’s overall security: our library could be used not just for managing wallets but also for many other components (like bridges, on-chain applications). 
• Promote open source and transparency: our code will be 100% open source from day 1 to encourage all Cardano members to participate and build together. 

Our approach is validated through:

• Academic research on Threshold Signature (https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8214B.ipd.pdf). The approach we use is mathematically proof to be secured. 
• We have experience building a decentralized bridge in other blockchain (Ethereum, Cardano) using similar technology. It has been tested by tens of thousands of users in our community on our testnet.

[CAPABILITY/ FEASIBILITY] Please provide a detailed breakdown of your project’s milestones and each of the main tasks or activities to reach the milestone plus the expected timeline for the delivery.

Milestone 1: Form team & start engineering implementation (month 0 - 2.5)

Tasks:

• Finalize the team member (1 week)
• Implement the core part of Threshold Signature 
• Build API server, write SDK documentation to expose the signing service through JSON RPC interface

Milestone 2: Internal testing & beta release (month 2.5 - 4)

• Setup and deploy our own distributed server internally 
• Stress test the system to make sure it works with 30 participating validators or more 
• Release beta version of the product
• Receive and fixed submitted bugs from developers 
• Announce beta release in Cardano developer community.

Milestone 3: Production release 

• Release v1.0 of the SDK
• Update documentation for the library 
• Announce beta release in Cardano developer community.

[CAPABILITY/ FEASIBILITY] Please describe the deliverables, outputs and intended outcomes of each milestone.

Thank to the support of Cardano Ambassador Mr. Yuta, we provide the SOM in advance:

• to ensure transparency and clarity of the plan as per Catalyst Fund 10 new guideline,
• to make it clear for Community Reviewer (CR)
• to comment that we % of complete always greater than % of cost needed for each milestone.

Link SOM guideline

Milestone 1: Form team & start engineering implementation (month 0 - 2.5)

Deliverables: Github commits, engineering work 

Outcome: We have an alpha version of the product. It should work in our internal testing and could be easily deployed to cloud services 

Milestone 2: Internal testing (month 2.5 - 4)

Deliverables: binary that could be deployed to cloud servers. SDK documentation site. Result of stress test with large number validator nodes. 

Outcome: a binary that is ready to be used. A robust system that could sustain a large amount of validator nodes. beta version is thoroughly tested by our QA. SDK documentation site is ready for beta testing.

Milestone 3: Production release

Deliverables: production binary file. SDK documentation site. Announce the 

Outcome: successful completion of the product. Collaboration with other Cardano developer teams.

[RESOURCES & VALUE FOR MONEY] Please provide a detailed budget breakdown of the proposed work and resources.

• Developer Salary: 80,000 ADA for expected 800 hours of work. 
• Infrastructure cost: 15,000 ADA. This includes website hosting, cloud services for stress tests
• QA cost: 10,000 ADA
• Contingency planning 5% = 5250 ADA(risk for the ADA price fluctuation during the project implementation.)
• Total budget requested: 110250 ADA
• The total working hours: 1050.
• Ave cost/hour: 105 ADA/hour (equivalent 31.5$/hour)

(*) detailed budget breakdown can be found in the attached file.

[RESOURCES & VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

For the Cardano Community, Our proposal will provide high value for money for the Cardano community. This project will become a library for Cardano developers to utilize and build on top to support multi-party signing. 

1.Enhanced Cross-Chain Interoperability:

• The bridge explorer enables seamless asset transfers between EVM chains and Cardano L2, facilitating interoperability within the ecosystem.
• This allows developers, projects, and users to leverage the capabilities of different blockchain networks, expanding the range of applications and services available.
• The cost invested in developing the bridge explorer directly contributes to the ecosystem's ability to connect with other chains, opening up new possibilities for collaboration and growth.

2.Increased Trust and Accountability:

• The bridge explorer ensures full traceability of asset transfers, addressing concerns about transparency and security.
• Users can verify the origin, ownership, and movement of tokens, reducing the risk of fraudulent activities and enhancing trust within the ecosystem.
• This increased trust contributes to the overall stability and reliability of the Cardano ecosystem, attracting more users and investors.

3.Improved User Experience:

• The bridge explorer provides a user-friendly interface for tracking and verifying asset transfers, making it easy for users to navigate and understand the process.
• Users can access detailed transaction information, ensuring the authenticity of transfers and enhancing their confidence in the ecosystem.
• The cost invested in developing a seamless and intuitive user interface contributes to a positive user experience, increasing user engagement and satisfaction.

4.Catalyst for Innovation and Development:

• The bridge explorer serves as a catalyst for innovation within the Cardano ecosystem.
• It provides developers, projects, and exchanges with a reliable solution for cross-chain asset transfers, encouraging the creation of new dApps, services, and financial instruments.
• This fosters a vibrant ecosystem where new ideas and projects can thrive, attracting talent and investment to further propel the ecosystem's growth.

5.Long-Term Value and ROI:

• While the initial cost of developing the bridge explorer may be significant, it provides long-term value and return on investment.
• The enhanced interoperability, trust, and user experience generated by the bridge explorer can attract more users, developers, and investors to the Cardano ecosystem.
• This increased adoption and engagement can lead to economic growth, ecosystem expansion, and potential revenue opportunities that outweigh the initial investment, providing long-term value and ROI.

The cost of the project is also considered low compared to the cost of the seniority of the engineers in the team. Our dev team is based on Silicon valley. The average salaries of product designers ($72 per hour), developers ($68 per hour), and product managers ($65 per hour) are quite high (the detail table as below.) However, we budgeted salaries of $31.5 per hour, which is 50% value for money for the Cardano Ecosystem, we will leverage resource from other proposals to use for this project.

• Senior Product Manager$65https://www.ziprecruiter.com/Salaries/Senior-Product-Manager-Salary
• Senior Software Engineer$68https://www.ziprecruiter.com/Salaries/Senior-Software-Engineer-Salary-per-Hour
• Senior Product Designer$72https://www.ziprecruiter.com/Salaries/Senior-Product-Designer-Salary-per-Hour

[IMPORTANT NOTE] The Applicant agreed to Fund10 rules and also that data in the Submission Form and other data provided by the project team during the course of the project will be publicly available.

I Accept