At ZenGo, we’ve been at the forefront of exploring blockchain security and how Threshold Signature Schemes (TSS) can enhance the native capabilities of blockchains.
A Threshold Signature Scheme removes the burden of a single atomic private key, splitting the generation of keys and key management responsibilities between multiple parties. Today we share the details on adding TSS support for the Terra blockchain.
Terra is a blockchain network powered by a family of native stablecoins, each pegged to major fiat currencies, all algorithmically stabilized by Terra’s governance and staking token, Luna. Terra has experienced significant success through the adoption of the Chai payments app built on Terra. With more than 1.8 million users in Korea alone, it stands in third place behind only Bitcoin and Ethereum in total transaction fees accumulated.
Terra has made enormous strides in mass adoption and continues to push blockchain to a broader user base with its support for a savings product, Anchor, that provides principal protection and generates high, predictable yields from block rewards on supporting proof of stake blockchains–soon to include Cosmos, Polkadot, Solana, and many more.
With Terra’s continued growth, we believe ZenGo’s Threshold Signature Scheme implementation is pivotal to achieve responsible and secure key management for the masses.
In this post, we breakdown the details of our TSS for Terra as executed and implemented by our blockchain research team.
Threshold Signature Scheme (TSS)
A Threshold Signature Scheme (TSS) removes the burden of the single atomic private key and splits the responsibility of key generation and key management between multiple parties.
In a threshold signature scheme, a set of ‘n’ participating parties which will be responsible for key generation, management and signing will interactively generate an m-of-n secret sharing of a single atomic key. Each participating party generates its own secret and uses it to distributively sign a transaction without revealing the secret to the other parties. For a high-level overview of TSS, please refer to our blog post.
The ZenGo team has invested significant efforts and resources implementing TSS and making the scheme compatible and reusable for blockchains and digital signatures algorithms. This compatibility allows us to rapidly onboard and add TSS support to new blockchains.
ZenGo has implemented Threshold Signature Scheme (TSS) support for public chains like Bitcoin, Ethereum, Binance Coin (BNB), Zilliqa (ZIL), Libra, Tezos and others and we are always looking to extend our TSS support to other coins.
We’ve chosen Terra for the following reasons:
- Trust in our project: Terra partnered with ZenGo to be one of the first official wallets to support its family of stablecoins and stabilizing token, Luna.
- Timing and mass distribution: Terra is a global public blockchain project that aims to bring a user-friendly blockchain experience to millions. We believe our TSS technology, which enables a user-friendly experience by eliminating the burdens associated with owning a private key, is critical to mass adoption.
- Geography: Asia is an exciting region for cryptocurrency. Supported by both high consumer adoption rates and advanced government regulations, the asian region has led rapid expansion and integration of blockchain..
- Technical maturity: To implement a TSS wallet with a blockchain requires a mature developer environment. Terra network had all the needed ingredients in its testnet:
- A faucet so we could test everything without risking money.
- A blockchain explorer so that we could confirm our transactions were successfully recorded on the blockchain.
- Access to a testnet provided via API and an Open source SDK was far easier than setting up a full node.
The open-source SDK
Terra is a blockchain protocol that provides the fundamental infrastructure for a decentralized economy and enables open participation in the creation of new financial primitives to power the innovation of money.
The Terra blockchain supports advanced features, including CosmWasm smart contracts that run on WebAssembly and can take advantage of core modules like on-chain swaps, price oracle, and staking rewards to power modern DeFi apps. It’s built atop Cosmos SDK and uses Tendermint BFT consensus.
Because our TSS is blockchain agnostic, it can easily integrate with this unique architecture and support all messages, related to both simple and smart contracts’ based transactions. This compatibility has allowed us to complete our SDK in a matter of days without a need for extensive or lengthy “integration” support from the Terra side.
To allow the signing process to be executed asynchronously, which is a requirement in our use case for signing over the network, we contributed to the Terra SDK. We used the SDK and incorporated TSS generation and signing, using a client-server architecture. Here, the server acted solely as the co-signer in the two-party protocol and held no logic specific to Terra.
- Generation: We changed the code so that the public key is jointly generated by our client-server architecture and exported to the Terra client instead of being computed from a private key. Of course, this part does not prove anything, as any random string can be successfully converted into an address. The real challenge is to sign a transaction from this address.
- Signing: The main change was in the signing function. We changed how the message was exported so that it was jointly signed by our TSS client-server architecture. The terra SDK allowed us to easily implement the abstract signing functionality with our TSS signer.
Our implementation can be accessed directly using the command-line, as shown in the demo below, or by including the code in other Terra projects.
Besides the basic commands for generating an address and sending LUNA and Terra stablecoins, we have also implemented the functionality of swapping Terra stablecoins for LUNA on-chain, a feature of the Terra network. In the future, we plan to add staking, delegating, and reward claiming functionalities.
TSS is needed even if Terra supports MultiSig
It’s worth noting that even though Terra supports smart contracts that may allow users to add multi-signature security, there are still distinct advantages to using TSS. One main advantage is TSS transactions look exactly the same as regular transactions. Unlike MultiSig transactions, the TSS “magic” is applied in the mathematical layer, not in the application layer.
- If MultiSig is realized through smart contracts, additional fees may be incurred for smart contract execution. Furthermore, MultiSig smart contract functionality might be challenging to verify, as shown in the multiple incidents suffered by some Ethereum-based MultiSig smart contracts.
- The control mechanism is not exposed to the world: With TSS, the signing parties are never revealed. Therefore, adversaries cannot learn about the various parties or their control structure, nor can they monitor changes to them.
Concluding thoughts and future plans
It was gratifying for our team to add TSS support to such a valuable and ambitious team looking to truly set money free laying the groundwork for open financial infrastructure. By leveraging our previous experience with generic TSS infrastructure, creating a developer-ready Terra TSS version was straightforward.
However, our work with TSS is not done yet. We plan to extend this project by working with the Terra community to provide TSS support for more advanced use cases in the future. We’re open-sourcing our SDK to encourage developers to incorporate it into their Terra projects. As always, we welcome feedback and peer review to make our code even better. For any requests or feedback send us a message at [email protected]