Binance Smart Chain and Torus have collaborated to launch a new open-source system for safe and convenient threshold key management.
With the fast growth of cryptographic applications, key management has become an increasingly crucial subject. Mismanagement of private keys often results in considerable financial loss and the importance of key management today goes beyond financials to control of DAOs or even our identity.
Non-custodial private key management solutions have made significant progress to streamline the user onboarding experience, but have long been plagued by the trilemma of having to sacrifice security or redundancy for convenience. Many of these systems also have points of centralisation that reduce censorship-resistance, and these issues can be mitigated with the implementation of secret sharing schemes.
Through partnership with Torus, Binance Smart Chain furthers its commitment to open source initiatives, enhancing usability and improving security of the ecosystem by announcing tKey.
tKey is a model of threshold key management that solves the trilemma without sacrificing user experience, while retaining end-user autonomy and control. The model manages Shamir Secret Sharing (SSS) using the user’s devices, private inputs, and wallet service providers. Similar to 2FA systems, as long as the user has access to 2 out of 3 of their shares, they will be able to retrieve their private key.
- User device share: Implementation is device and system specific. For example, on mobile devices, the share could be stored in device storage secured via biometrics.
- Service provider share: This share is kept and managed by a wallet service provider via their own authentication flows. e.g. the Torus Network which conducts a distributed key generation protocol to split and secure your share further, retrievable via OAuth logins.
- Recovery share: This is based on user input (eg. password, security questions, hardware device, etc.).
This initial setup provides several benefits for users.
Key Features of tKey
- Convenient/seamless usage - This architecture is compatible with existing user flows, allowing wallet service providers to continue providing a seamless experience for key management.
- Improvements to key recovery - In the event when one of the shares is lost, (e.g. device loss), users can still retain access to their keys, and revoke access rights from the lost share.
- Self-custodial - The service provider cannot access the user’s private key since they only have one share. They also cannot censor users since the user has a recovery share. Users can also choose to migrate to other service providers.
- Progressive security - tKey gives users flexibility in access control based on their desired level of security. Increasing the threshold of shares required for the reconstruction of the key would in turn increase security of their key (e.g. configuring access to require 3 out of 4 shares).
Just like native private keys, tKeys are off-chain and thus composable with different blockchains and elliptic curves. By relying on native cryptography primitives, tKey avoids additional transaction costs. tKey is also compatible with on-chain constructions like multi-sigs and smart contract wallets, and can be used flexibly in conjunction with these systems for increased security.
In line with other threshold cryptography endeavors, tKey is a step towards improving key security in the community as a whole. Further work includes Threshold Signature Schemes with tKey so that the private key need not be reconstructed in the front-end when signing transactions.
Binance Smart Chain Chrome Extension Integration, Open Source SDK and Security Audits
Merging the best practices from proven key management models, tKey is the next step to lay the foundation needed for mainstream adoption of decentralised ecosystems.
For a start, users will soon be able to log in and set up their tKey wallet on the Binance Smart Chain Chrome extension and similarly on binance.org.
Developers can also expect the release of an upcoming open-source SDK of tKey, which they can integrate into their own key management systems to harness the benefits of threshold key management. Audits for the tKey SDK are pending and will be made available to the public in due time.
The full specification of tKey can be found here.