Threshold Signatures for Cardano Wallets

[GENERAL] Name and surname of main applicant

Dylan Crocker

[GENERAL] Are you delivering this project as an individual or as an entity (whether formally incorporated or not)

Entity (Incorporated)

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

12

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language.

No

[GENERAL] Summarize your solution to the problem (200-character limit including spaces)

Our solution is to provide an open-source implementation of threshold signature tooling that is compatible with Cardano wallets and a CLI tool for creating split keys and threshold signatures.

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

No

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.”

No dependencies.

[GENERAL] Will your project’s output/s be fully open source?

Yes

[GENERAL] Please provide here more information on the open source status of your project outputs

Project will be fully open source under the MIT license.

[SOLUTION] Please describe your proposed solution.

Threshold signatures are a cryptographic technique where a group of participants collaboratively create a signature without relying on a single individual's private key. It enhances security and resilience. Participants each hold a share of the private key and combine them to generate a valid signature. Threshold signatures offer distinct advantages over both single-key signatures and multi-signature scripts in the context of a blockchain application. A great introduction may be found in the Coinbase blog article on threshold signatures.

Compared to single-key signatures, threshold signatures enhance security and resilience. With a single key, if it is compromised or lost, the entire system's security is jeopardized. In contrast, threshold signatures distribute the signing authority among multiple participants, each holding a share of the private key. This means that even if some participants' key shares are compromised or unavailable, as long as the required threshold number of participants is active, a valid signature can still be generated. This significantly reduces the risk of a single point of failure and improves the overall security of the blockchain system.

Additionally, compared to multi-signature scripts, threshold signatures offer advantages in terms of efficiency and scalability. In a multi-signature scheme, each transaction input requires multiple signatures, resulting in larger and more complex transactions. In contrast, threshold signatures allow for a single aggregated signature to represent the combined authorization of multiple participants. This results in smaller blockchain transactions, reduces transaction fees, and improves the overall efficiency of the blockchain network.

By combining enhanced security and resilience with improved efficiency and scalability, threshold signatures provide a compelling solution for blockchain applications, addressing the limitations of both single-key signatures and multi-signature scripts. They offer increased security against key compromise and enable more streamlined and cost-effective transaction processing on the blockchain.

Threshold signatures can be implemented using the same underlying cryptographic algorithm as Cardano's default Ed25519 signatures. Ed25519 is a widely used and well-regarded elliptic curve algorithm known for its efficiency and security. Threshold signatures can be constructed using Ed25519 keys, making them compatible with the existing infrastructure of the Cardano blockchain. Moreover, the verification algorithm for threshold signatures remains the same as the standard Ed25519 signature verification algorithm. This compatibility simplifies the integration of threshold signatures into the Cardano ecosystem, allowing for enhanced security and resilience without requiring changes to the underlying verification mechanisms.

Our proposed solution involves implementing the necessary threshold signature tooling to generate signatures that are compatible with Cardano wallets. We will leverage the existing Ed25519 signature capabilities of our C++ library Viper25519. The Viper25519 toolset will be expanded to include the required functionalities for key splitting and generating valid signatures from a subset of keys (M of N sub-keys, where M is less than or equal to N). These threshold signatures will be verifiable using the standard Ed25519 signature verification, ensuring compatibility with the Cardano blockchain. To validate the functionality, we will create a CLI tool that can generate a split key, corresponding public key, payment address, and perform transaction building and signing. It's important to note that this tool will not include a secure messaging protocol for multiple users to combine signatures. The entire codebase will be open source.

[IMPACT] Please define the positive impact your project will have on the wider Cardano community.

This project will provide product developers coming to the Cardano ecosystem with verified tooling and reference implementations upon which to build secure dApps and other integrations using threshold signature technology. Threshold signatures represent an advancement over multi-signature scripts when multi-factor authentication is desired for enhanced security. The availability of such tooling will make Cardano an attractive candidate to builders.

[CAPABILITY & FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

The Viper Science team has been an active contributor to the Cardano community for over four years. In addition to operating stake pools since the Incentivized Testnet, we have developed several open source tools for Cardano developers and SPOs. Five of these projects have been successfully funded through Catalyst in the past:

• Ogmios Clients in Python & C++ (https://projectcatalyst.io/funds/10/f10-osde-open-source-dev-ecosystem/ogmios-clients-in-python-and-c)
• Expanding the Cardano C++ SDK: libcardano (https://projectcatalyst.io/funds/10/f10-osde-open-source-dev-ecosystem/expanding-the-cardano-c-sdk-libcardano)
• Cardano-Tools Python Library (https://projectcatalyst.io/funds/8/f8-open-source-development-ecosystem/cardano-tools-python-library) 
• Cardano development library in C++ (https://projectcatalyst.io/funds/8/f8-open-source-development-ecosystem/cardano-development-library-in-c)
• API for Multi-Delegation Portfolios (https://projectcatalyst.io/funds/6/f6-dapps-and-integrations/api-for-multi-delegation-portfolios)

A complete list of our contributions can be found at https://viperscience.com/. Additionally, our team has the domain expertise required to be successful with the proposed work, as we have already laid out much of the groundwork in our Viper25519 project. Details about the team members’ technical backgrounds are included below.

[Project Milestones] What are the key milestones you need to achieve in order to complete your project successfully?

Description

Implement functionality to split an extended Ed25519 key into multiple sub keys, generate a signature with all sub keys, and finally verify the signature against the public key corresponding to the original private key.

Outputs

1. Algorithm to split an Ed25519 private key into multiple shares.
2. Elliptic curve functionality for signature steps and value sharing.
3. Signature combination and verification.

Acceptance criteria

At this stage, the code for direct key splitting and threshold signatures will be complete and a high degree of confidence in the eventual success of the project will be achieved. Open source code pushed to the public repository including passing test cases.

1. Unit tests verifying the key splitting functionality.
2. Unit tests verifying the elliptic curve functionality for signature steps and value sharing.
3. Unit tests verifying signature combination and verification.
4. The new functionality is documented in sufficient detail that a reader could re-implement the code.

Description

Implement Shamir Secret Sharing functionality to split a private key into N sub-keys and set a threshold of M sub-keys required to create a valid signature (M <= N). Generate signatures and test validity.

Outputs

1. Lagrange polynomial functionality implementation for secret share generation.
2. Modification of signature steps to include the polynomial coefficients.
3. Signature combination and verification.

Acceptance criteria

At this stage, the code for direct key splitting and threshold signatures will be complete and a high degree of confidence in the eventual success of the project will be achieved. Open source code pushed to the public repository including passing test cases.

1. Unit tests verifying functionality of the Lagrange polynomial implementation for secret share generation.
2. Unit tests verifying the modification of signature steps to include the polynomial coefficients.
3. Unit tests verifying signature combination and verification.
4. The new functionality is documented in sufficient detail that a reader could re-implement the code.

Description

With the initial infrastructure built and tested, create a simple CLI tool that will enable a user to test the functionality by generating split keys and creating signatures from those keys. Use the tool to automate test transactions on the Cardano testnet. Use the CLI tool to demonstrate the functionality in a project close out video. Final project report.

Outputs

1. CLI tool creation exposing the functionality completed at earlier milestones.
2. Scripts to generate and validate testnet transactions.
3. Project final report and video.

Acceptance criteria

1. The CLI tool and example scripts may be used by those unfamiliar with the project details. Usage is well documented.
2. Report submitted and video uploaded to YouTube.

[RESOURCES] Who is in the project team and what are their roles?

The Viper Science team members are:

Dylan Crocker, PhD: Engineer & developer (https://www.linkedin.com/in/dylan-andrew-crocker/)

Dylan is an Electrical Engineer with experience in antenna and radar system design as well as software development. He earned a PhD in Electrical Engineering, with a minor in Computer Science, from Georgia Tech. His PhD research focused on ultra-wideband antenna design. Dylan got started building in the Cardano ecosystem when running a stake pool during the Incentivized Testnet in 2019. His most recent work includes an open source implementation of Cardano primitives written in modern C++.

Willie Marchetto: Engineer & developer (https://www.linkedin.com/in/willie-marchetto-2268aa266/)

Willie is a computer & astronautical engineer experienced in designing, developing, integrating, & deploying electronics and software for satellites, embedded devices, and traditional compute systems. His technical contributions span the areas of high-performance computing, web application development, DevOps system administration, satellite electronics design, embedded systems software/firmware, and machine learning algorithm development. Willie has been an active Cardano developer and stake pool operator since 2019 and is currently the chief engineer for research & development at an aerospace engineering contracting company.

[BUDGET & COSTS] Please provide a cost breakdown of the proposed work and resources.

The project team consists of engineers with advanced degrees, each with over ten years of professional experience developing and building complex systems in research & development environments. As a baseline labor rate, we are using a relatively conservative rate of $63.91, which is the mean hourly wage for software developers in the US according to the US Bureau of Labor Statistics.

Budget breakdown:

• Labor ($28,500.00):
• Milestone 1: 200 hours
• Milestone 2: 200 hours
• Milestone 3: 45 hours
• Materials ($0): 
• No materials required

Assumed $/ada exchange rate: $0.38

Total project cost: 75,000 ADA

[VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

Investing in this R&D effort will provide Cardano developers access to a reference implementation of advanced cryptographic primitives that provide increased application security and decentralization. Therefore it is our belief that the project cost represents excellent value for money for the Cardano ecosystem for the following key reasons: 

• Advanced cryptographic protocols attract developers who require enhanced security. Developers are already drawn to Cardano for its high assurance code base and security features. Threshold signatures pair well with Cardano’s security-focused milieu.
• Threshold signatures for extended Ed25519 keys enhance security for dApps and wallets by requiring multiple parties to create a valid signature (multi-factor authentication).
• Threshold signatures reduce transaction bloat and validation steps (CPU processing time). While such improvements may be marginal, they become significant when considering billions of transactions.

[IMPORTANT NOTE] The Applicant agrees to Fund Rules and also that data in the submission form and other data provided by the project team during the course of the project will be publicly available.

I Accept