Distributed Key Generation

About the session keys

Users authenticate with an EOA wallet during key generation, register an ephemeral signing key pair, and associate it with their identity.

The frontend can then use the ephemeral signing key pair to authorize signing requests for the duration of the session without repeated user interaction, providing a seamless and secure authentication mechanism.

We use EOAAuth to authenticate the user during keygen. The EOAAuth object is created with the user's wallet address, ephemeral public key, and lifetime of the key in seconds.

We then use EphAuth to authenticate the user during signing. The EphAuth object is created with the user's wallet address and ephemeral keypair.

Keygen

The full working example is in the demo. The core object to use is the NetworkSigner.

It generates keys and signatures. To create one, you need two other components: the WalletProviderServiceClient, which connects to the Backend part of the SDK, and an authentication module. Currently, we provide EOA authentication via EOAAuth.

Let's create the NetworkSigner:

// Assumption: `ed` is the @noble/ed25519 module, whose API matches the calls below
import * as ed from '@noble/ed25519';

// Generate ephemeral secret key esk
const ephSK = ed.utils.randomPrivateKey();
// Derive public part epk from esk
const ephPK = await ed.getPublicKeyAsync(ephSK);

// Create a client that connects to the backend service
const wpClient = await createWalletProviderService(clusterConfig);

// Create EOA authenticator, signature will include epk
const eoaAuth = new EOAAuth(
  accountsFromBrowserWallet[0],
  new BrowserWallet(),
  ephPK,
  // Lifetime of one hour
  60 * 60,
);

// Create a new signer instance
const sdk = new NetworkSigner(wpClient, threshold, partiesNumber, eoaAuth);

Now you can generate a key using the authenticateAndCreateKey method. The method accepts an optional permissions argument. If no permissions are given, all operations are allowed.

const permissions = {
    permissions: [
        {
            type: 'erc20',
            method: 'approve',
            to: '0x1234567890123456789012345678901234567890',
            args: {
                spender: '0x1234567890123456789012345678901234567890',
                value: 10000,
                eq: '<'
            }
        },
    ]
}

// Generate a new key
let resp: KeygenResponse = await sdk.authenticateAndCreateKey(JSON.stringify(permissions));

More details about permissions are in the Scope of Permissions.

Calling this method causes the Browser Wallet window to pop up, asking the User to sign the request. After execution, a KeygenResponse is returned.

The KeygenResponse contains keyId and publicKey. The publicKey is the public part of the key generated by Silent Network. Use the keyId in subsequent calls to sign.

The frontend can later use the esk key as the authentication method in subsequent signgen requests.
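To make the session-key model concrete, here is an added example (not SDK code and not the Silent Network wire format) of the check a verifier has to perform on a request signed with esk: the signature must verify under the registered epk, and the key must still be inside its lifetime. The registry, the request fields and all values are hypothetical, and the wallet signature that binds epk and lifetime to the address at keygen is left out.

```javascript
// Added illustration, not SDK code. Loads node:crypto under CommonJS or ESM.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

// Hypothetical registry entry: what a verifier keeps once the wallet-signed
// keygen request has bound an ephemeral public key (epk) to an address.
function registerSessionKey(registry, address, epk, lifetimeSecs, nowSecs) {
  registry.set(address.toLowerCase(), { epk, expiresAt: nowSecs + lifetimeSecs });
}

// Hypothetical request format: the JSON encoding of { address, keyId, message }.
function signRequest(esk, request) {
  const payload = Buffer.from(JSON.stringify(request));
  return nodeCrypto.sign(null, payload, esk); // Ed25519 takes no digest name
}

// Returns 'ok' or the reason the request is rejected.
function verifyRequest(registry, request, signature, nowSecs) {
  const session = registry.get(String(request.address).toLowerCase());
  if (!session) return 'unknown-session';
  if (nowSecs >= session.expiresAt) return 'expired';
  const payload = Buffer.from(JSON.stringify(request));
  if (!nodeCrypto.verify(null, payload, session.epk, signature)) return 'bad-signature';
  return 'ok';
}

// All values below are constructed for the demonstration.
function demo() {
  const now = 1_700_000_000;
  const registry = new Map();
  const user = nodeCrypto.generateKeyPairSync('ed25519');
  const other = nodeCrypto.generateKeyPairSync('ed25519');
  const address = '0x1234567890123456789012345678901234567890';
  registerSessionKey(registry, address, user.publicKey, 60 * 60, now);

  const request = { address, keyId: 'key-1', message: 'deadbeef' };
  const sig = signRequest(user.privateKey, request);
  return {
    fresh: verifyRequest(registry, request, sig, now + 10),
    expired: verifyRequest(registry, request, sig, now + 60 * 60),
    wrongKey: verifyRequest(registry, request, signRequest(other.privateKey, request), now + 10),
    tampered: verifyRequest(registry, { ...request, message: 'cafebabe' }, sig, now + 10),
  };
}
```

The model shows why the lifetime passed to EOAAuth matters: once it has elapsed, a correctly signed request is rejected and the user has to authenticate with the wallet again.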
