Custody of Assets

MPC based self custody

Signing transactions on a blockchain such as the Verified Network requires users to manage their own private keys. Securely storing private keys is a challenge. To get around this, custodians offer secure storage for private keys, and often this is based on the multi-party computation (MPC) paradigm, where the custodian and the user each retain a part of the key, often referred to as a key shard. However, MPC based custody still depends on the custodian: a compromise of the custodian's security exposes its shard, and a custodian can freeze assets belonging to a user by refusing to contribute its key shard to signing transactions.

Since the Verified Network is decentralized financial infrastructure, it provides smart contracts that create vaults for key shards, together with a coordination mechanism by which multiple parties confirm a transaction; once quorum is reached, their key shards are assembled at run time to sign the transaction. In this way, the user does not hold the key in custody, and no co-signatory can block a transaction on its own, since the minimum quorum need not require every co-signatory to confirm it.

Creating a key vault and defining quorum

The first step involves a user creating a key vault for itself. For this, the application needs to call the createVault function on the Vault contract on the Verified Network, in a call signed by the user's wallet. Once a key vault is created, the user can define a quorum by calling the defineQuorum function on the Vault contract.

Adding nominee co-signatories and their confirmation

The user who has created a key vault can add any number of nominees as co-signatories. Usually, this is at least one and fewer than five other users who act as nominees. An application needs to call the addParticipant function on the Vault contract to add a nominee for a user that has signed the call with its wallet. This sends a notification from the Verified Network to the nominee, who confirms itself as a co-signatory by calling the confirmParticipant function on the Vault contract and setting a unique PIN for itself.

Signing transactions

A user can initiate the transaction signing process by calling the promptSignatures function on the Vault contract. This notifies the co-signatories nominated by the user, who confirm the transaction by calling the signTransaction function on the Vault contract, where each co-signatory passes the unique PIN it set when confirming its participation earlier.

Checking quorum and assembling private key

A user can check the quorum of co-signatories by calling the checkQuorum function on the Vault contract. The user-facing application then needs to call the getShards function on the Vault contract to retrieve the shards securely and use an MPC algorithm to assemble the user's private key at run time. The Verified SDK uses Shamir's secret sharing algorithm to assemble the user's key to sign transactions when the getShards function is called on the SDK's vault contract by the application.
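The threshold property described above, as an added example that is not the Verified SDK's own code: a private-key scalar is split into one shard per co-signatory so that any quorum of them reconstructs it at run time by Lagrange interpolation, while fewer than quorum yields only an unrelated value. It assumes the key is a 256-bit scalar and uses the secp256k1 group order as the field prime; both are assumptions, not details taken from the page.

```python
import secrets

# Field prime: the secp256k1 group order (assumed here), so a 256-bit
# private-key scalar fits as a single field element.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split_key(secret: int, quorum: int, participants: int) -> list[tuple[int, int]]:
    """Split `secret` into `participants` shards; any `quorum` of them rebuild it."""
    if not 1 <= quorum <= participants:
        raise ValueError("quorum must be between 1 and the number of participants")
    if not 0 < secret < P:
        raise ValueError("secret must be a non-zero field element")
    # Random polynomial f(x) of degree quorum-1 with constant term f(0) = secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(quorum - 1)]
    shards = []
    for x in range(1, participants + 1):  # x = 0 is never issued: f(0) is the secret
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shards.append((x, y))
    return shards


def assemble_key(shards: list[tuple[int, int]]) -> int:
    """Interpolate f(0) from the supplied shards (distinct x values required).

    With at least `quorum` shards this is the original secret; with fewer, the
    result is a different, uninformative field element rather than an error.
    """
    xs = [x for x, _ in shards]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate shard index")
    secret = 0
    for i, (xi, yi) in enumerate(shards):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shards):
            if i != j:
                num = (num * (-xj)) % P       # product of (0 - xj)
                den = (den * (xi - xj)) % P   # product of (xi - xj)
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


if __name__ == "__main__":
    # Constructed sample: a vault with five nominees and a 3-of-5 quorum.
    key = secrets.randbelow(P - 1) + 1
    shards = split_key(key, quorum=3, participants=5)
    assert assemble_key(shards[1:4]) == key        # any three shards suffice
    assert assemble_key(shards[:2]) != key         # two shards reveal nothing useful
```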
