Technology Deep Dive

Public and private key pairs

When holding digital assets directly in self-custody (i.e. not via an exchange or third-party custodian), the blockchain doesn't know your name. It knows only a "public address", and your balance of assets is "owned" by that address.
To move your assets anywhere else you need the "private key" corresponding to that public address to "sign" the transaction. The blockchain network verifies the signature against the address before the transaction is processed.

This private key is simply a fixed-length secret number, usually written as a string of hexadecimal characters (e.g. 310fe2e677a3ad28acb91d2645bb33882f015ab11e59dce9d2a72905979e3cb6, which is 64 hex characters, i.e. 256 bits). It is used to cryptographically prove ownership of its corresponding public address: the key produces a signature over a transaction (i.e. "signing"), and anyone can check that signature against the public address without learning the private key.

The issues arise around ownership, because all of the control is concentrated in that one secret. There is no name attached to your public address; it is controlled only by the private key, and the network cannot tell the rightful owner apart from anyone else who presents a valid signature. Anyone who gains access to this private key can therefore take complete control of any assets associated with your public address and send them anywhere they like!

There are many examples of this, where both individuals and companies have had their private key compromised, resulting in a total loss of their assets.

Secure Multi-Party Computation (MPC)

MPC is a subfield of cryptography that enables multiple parties to jointly compute a function over their inputs while keeping those inputs private. In the context of digital asset custody, MPC allows the private key to exist only as shares held by multiple parties, and lets those parties jointly compute a signature without any one of them ever holding the whole key.

Key properties of MPC:

  • Each party only has access to its own secret share, never the full private key
  • To sign a transaction, a threshold number of parties must each contribute a computation using their own share; the full private key is never assembled, not even during signing
  • Even if some shares are compromised, the private key remains secure as long as the attacker holds fewer shares than the threshold

io.vault uses MPC to generate key shares when a new vault is created. These shares are then distributed to the signers in the vault's signing party.

Threshold Signature Schemes (TSS)

TSS is a cryptographic primitive that allows a group to collectively sign a message or transaction, provided a threshold number of participants agree. This provides both redundancy and security. Instead of one private key producing one signature, TSS uses a customizable number of "secret shares" to produce a signature that is valid for the corresponding public address and looks to the network exactly like an ordinary single-key signature. Besides choosing the number of secret shares, you also set a "threshold": the number of shares that must take part in order to generate a valid signature.

This means that you could have many different secret shares held in different locations by different people, and if one of them were stolen (or any number below the threshold), no assets could be moved, because the attacker could not reach the threshold on their own.

Combined with MPC, the end result is a technology that eliminates the single point of failure normally associated with self-custody of digital assets. It also lets users of our product set the level of security for each vault (number of shares and required threshold) and distribute that signing power across multiple employees instead of relying on one trusted person who may not be available.

In a TSS setup:

  • A private key is split into N shares, held by N parties
  • Any M out of N parties can collaborate to produce a valid signature (M <= N)
  • The private key is never reconstructed in full, maintaining security

When a transaction is initiated from an io.vault, the TSS scheme springs into action:

  1. The transaction is distributed to all signers in the vault's signing party
  2. Each signer uses their key share to partially sign the transaction
  3. Once enough signers (meeting the threshold) have participated, the partial signatures are combined into a valid final signature
  4. The signed transaction is broadcast to the blockchain network
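The four steps above, together with the M-of-N share and threshold properties described in the MPC and TSS sections, can be followed end to end in the toy implementation below. This is an added illustration written for this page, not io.vault's code, and it makes two simplifying assumptions that a production scheme does not: a trusted dealer (the hypothetical dealer_keygen) runs Shamir sharing in place of a distributed key generation, and the signing equation is a FROST-style threshold Schnorr without FROST's binding factor, so it is not safe against an attacker who opens many signing sessions at once. The function names (shamir_split, threshold_sign, verify) are hypothetical; the curve constants are the genuine secp256k1 parameters. Each signer holds one share, publishes a nonce commitment, returns a partial signature, and the combiner adds the partials. No step ever computes the full private key.

```python
import hashlib
import secrets

# secp256k1 domain parameters: field prime, group order, base point.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant-time; toy code)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def shamir_split(secret, threshold, n):
    """Split secret into n shares of a random degree-(threshold-1) polynomial."""
    coeffs = [secret] + [secrets.randbelow(N) for _ in range(threshold - 1)]
    shares = {}
    for i in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation at x = i, mod N
            y = (y * i + c) % N
        shares[i] = y
    return shares


def lagrange_at_zero(i, indices):
    """Weight of share i when interpolating the polynomial at x = 0."""
    num = den = 1
    for j in indices:
        if j != i:
            num = num * -j % N
            den = den * (i - j) % N
    return num * pow(den, -1, N) % N


def dealer_keygen(threshold, n):
    """Dealer stand-in for DKG (assumption): returns the public key and
    the n key shares. The full key x goes out of scope and is never kept."""
    x = secrets.randbelow(N - 1) + 1
    return ec_mul(x, G), shamir_split(x, threshold, n)


def challenge(R, pubkey, msg):
    """Schnorr challenge e = H(R || pubkey || msg) mod N."""
    data = b"".join(c.to_bytes(32, "big") for c in (*R, *pubkey)) + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def threshold_sign(pubkey, signer_shares, msg):
    """signer_shares: {signer_id: key_share} for the parties taking part.
    Each party contributes a nonce commitment and a partial signature only."""
    ids = list(signer_shares)
    # Round 1: every signer picks a private nonce k_i and publishes R_i = k_i*G.
    nonces = {i: secrets.randbelow(N - 1) + 1 for i in ids}
    R = None
    for i in ids:
        R = ec_add(R, ec_mul(nonces[i], G))
    e = challenge(R, pubkey, msg)
    # Round 2: partial signature s_i = k_i + e * lambda_i * x_i (mod N).
    partials = {i: (nonces[i] + e * lagrange_at_zero(i, ids) * signer_shares[i]) % N
                for i in ids}
    # Combiner: the sum equals k + e*x only if a full threshold took part.
    return R, sum(partials.values()) % N


def verify(pubkey, msg, sig):
    """Plain Schnorr check s*G == R + e*P; the verifier cannot tell that
    several parties, rather than one key holder, produced the signature."""
    R, s = sig
    e = challenge(R, pubkey, msg)
    return ec_mul(s, G) == ec_add(R, ec_mul(e, pubkey))


if __name__ == "__main__":
    pub, shares = dealer_keygen(threshold=2, n=3)
    tx = b"constructed sample transaction payload"
    # Signers 1 and 3 meet the 2-of-3 threshold.
    print(verify(pub, tx, threshold_sign(pub, {1: shares[1], 3: shares[3]}, tx)))
    # A lone signer, e.g. an attacker holding one stolen share, does not.
    print(verify(pub, tx, threshold_sign(pub, {2: shares[2]}, tx)))
```

The second call is the case that matters for custody: a party holding a single share can still emit a partial signature, but the sum of fewer than the threshold of partials does not verify against the vault's public key, and nothing in the flow, including the combiner, ever computes x.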

By using TSS, io.vault ensures that no single party can unilaterally sign transactions, and compromising a subset of signers below the threshold does not compromise the vault. The threshold can be customized per vault based on the desired balance of security and availability: a higher threshold means more shares must be stolen before an attacker can sign, but it also means fewer shares can be lost or unavailable before the vault itself can no longer sign.