Distributed Key Generation
About the session keys
Users authenticate with an EOA wallet during key generation and register an ephemeral signing key pair, which is associated with their identity.
The frontend can then use the ephemeral signing key pair to authorize signing requests for the duration of the session without repeated user interaction, providing a seamless and secure authentication mechanism.
We use EOAAuth to authenticate the user during keygen. The EOAAuth object is created with the user's wallet address, the ephemeral public key, and the lifetime of the key in seconds.
We then use EphAuth to authenticate the user during signing. The EphAuth object is created with the user's wallet address and the ephemeral key pair.
Keygen
The full working example is in the demo. The core object to use is the NetworkSigner.
It allows the generation of keys and signatures. To create it, you need two other components: the WalletProviderServiceClient, which connects to the backend part of the SDK, and an authentication module. Currently, we provide EOA authentication via EOAAuth.
Let's create the NetworkSigner:
```typescript
// Generate ephemeral secret key esk
const sk = ed.utils.randomPrivateKey();
ephSK = sk;
// Derive public part epk from esk
ephPK = await ed.getPublicKeyAsync(sk);
// Create a client that connects to the backend service
const wpClient = await createWalletProviderService(clusterConfig);
// Create EOA authenticator, signature will include epk
const eoaAuth = new EOAAuth(
  accountsFromBrowserWallet[0],
  new BrowserWallet(),
  ephPK,
  // Lifetime of one hour
  60 * 60,
);
// Create a new signer instance
const sdk = new NetworkSigner(wpClient, threshold, partiesNumber, eoaAuth);
```
Now you can generate a key using the authenticateAndCreateKey method. The method accepts optional permissions; if no permissions are given, all operations are allowed.
```typescript
const permissions = {
  permissions: [
    {
      type: 'erc20',
      method: 'approve',
      to: '0x1234567890123456789012345678901234567890',
      args: {
        spender: '0x1234567890123456789012345678901234567890',
        value: 10000,
        eq: '<'
      }
    },
  ]
}
// Generate a new key
let resp: KeygenResponse = await sdk.authenticateAndCreateKey(JSON.stringify(permissions));
```
For more details about permissions, see the Scope of Permissions.
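Because no permissions means all operations are allowed, a frontend can check the policy object before it is serialized and passed to authenticateAndCreateKey. The following is an added example, not code from the SDK or its demo: checkPermissions is a hypothetical helper, and its rules (non-empty list, 20-byte hex addresses, non-negative safe-integer value) are assumptions based on the policy shape shown above.

```typescript
// Added example; checkPermissions is a hypothetical helper, not part of the SDK.
interface Permission {
  type?: unknown;
  method?: unknown;
  to?: unknown;
  args?: Record<string, unknown>;
}

const ADDRESS = /^0x[0-9a-fA-F]{40}$/; // 20-byte hex address

const isAddress = (v: unknown): boolean => typeof v === 'string' && ADDRESS.test(v);

// Returns a list of problems; an empty list means the policy passed every check.
function checkPermissions(policy?: { permissions?: Permission[] }): string[] {
  const list = policy?.permissions;
  // The page states that no permissions means all operations are allowed,
  // so a missing or empty list is reported instead of silently accepted.
  if (!Array.isArray(list) || list.length === 0) {
    return ['no permissions given: the key would allow all operations'];
  }
  const problems: string[] = [];
  list.forEach((p, i) => {
    const at = `permissions[${i}]`;
    if (typeof p.type !== 'string' || p.type === '') problems.push(`${at}.type is missing`);
    if (typeof p.method !== 'string' || p.method === '') problems.push(`${at}.method is missing`);
    if (!isAddress(p.to)) problems.push(`${at}.to is not a 20-byte hex address`);
    const args: Record<string, unknown> = p.args ?? {};
    if ('spender' in args && !isAddress(args['spender'])) {
      problems.push(`${at}.args.spender is not a 20-byte hex address`);
    }
    // Assumption of this example: amounts are plain numbers, as on this page,
    // so anything outside the safe-integer range would lose precision.
    const value = args['value'];
    if ('value' in args && !(typeof value === 'number' && Number.isSafeInteger(value) && value >= 0)) {
      problems.push(`${at}.args.value is not a non-negative safe integer`);
    }
  });
  return problems;
}

// Constructed sample, shaped like the policy shown on this page.
const samplePolicy = {
  permissions: [{
    type: 'erc20',
    method: 'approve',
    to: '0x1234567890123456789012345678901234567890',
    args: { spender: '0x1234567890123456789012345678901234567890', value: 10000, eq: '<' },
  }],
};
```

Call checkPermissions on the policy and only pass JSON.stringify of it to authenticateAndCreateKey when the returned list is empty.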
Calling this method will cause the Browser Wallet window to pop up, asking the user to sign the request. After execution, a KeygenResponse is returned.
The KeygenResponse contains keyId and publicKey. The publicKey is the public part of the key generated by Silent Network. Use the keyId in subsequent calls to sign.
The esk key can later be used by the frontend as the authentication method in subsequent signgen requests.