Supported Features
This section outlines the current status of feature support for Silent Network. We continuously add features based on customer needs. If you don't see a feature you're looking for here, contact us - we may already be working on it!
Supported Algorithms
ECDSA (DKLS23)
- Protocol: DKLS23 - State-of-the-art threshold ECDSA
- Use Cases: Bitcoin, Ethereum, and other ECDSA-based blockchains
EdDSA (L22)
- Protocol: L22 - Optimized threshold EdDSA
- Use Cases: Solana, Algorand, and other EdDSA-based blockchains
Core Features
Key generation
Create a new wallet in a truly distributed way
- A new wallet is generated collaboratively between the client and server.
- The private key is never assembled or known in its entirety by any party.
- Each party generates its own secret share, contributing to the overall private key.
- The corresponding public key (wallet address) is derived from these shares without revealing the private key.
- The process ensures that the complete private key never exists on any single device or at any point in time.
This distributed key generation forms the basis for all subsequent MPC operations, providing a secure foundation for the wallet with enhanced privacy and security guarantees.
Sign generation
Sign messages while maintaining the distributed nature of the private key:
- Collaborative signature generation occurs between the client and server.
- Each party uses its secret share to contribute to creating a valid ECDSA signature.
- The private key remains distributed and is never reconstructed during the signing process.
- The resulting signature is cryptographically identical to one created with a standard single-party wallet.
- Supports signing of arbitrary messages, typically transaction data on the blockchain.
This distributed signing process allows for secure transaction authorization while preserving the key's distributed nature, exemplifying the MPC wallet's enhanced security model.
Key Refresh
Proactively update the client's and server's secret shares without altering the wallet's public address or key. This process enhances long-term security of the MPC wallet.
Key Refresh Advantages
Key refresh is a critical security feature in MPC systems, offering several advantages:
- Forward security: Regularly refreshing shares maintains the system's security posture and invalidates the old compromised shares, at the event of share compromise.
- Hardening Cryptanalysis : It reduces the attack vector of cryptanalysis since the potential adversary can obtain fewer signatures from the same secret key.
- Compliance with Key Rotation Policies: Helps meet regulatory or organizational requirements for periodic key updates.
By implementing regular key refreshes, the overall security of the MPC system is significantly enhanced, creating a dynamic security environment that's resistant to long-term attacks and information leakage.
Advanced features
Key Import
Convert an existing EOA (Externally Owned Account) into an MPC wallet by importing the private key. While this enhances security through distribution, it's important to note that the original private key has existed in full form. Therefore, we cannot provide the same level of security guarantees as with a natively generated MPC wallet. Secure management of the original private key remains the developer's responsibility.
Key Export
Users can convert their MPC wallet back to a standard EOA by exporting the full private key at any time. This process reconstructs the complete private key from the distributed shares. It's crucial to understand that once exported, the wallet loses the enhanced security benefits of MPC. The responsibility for securely managing the exported private key shifts entirely to the developers and users from this point forward.
Presign (ECDSA only)
Presign allows the signing parties to offline precompute expensive signature material. Offline means before any active user needs to sign a specific message. By doing so the total running time for computing signatures is almost instant minimizing network traffic load and computation demand. Note this feature is for ECDSA, as the EdDSA MPC-protocol is much less resource consuming, such optimization is not required.
Re-try mechanism for DSG and Presigns
In an event of failed signature generation (the nodes chosen to execute the request are unreachable), the network will automatically select different quorum and try to process the request again.
Permissions
During key generation optional permissions can be attached to the MPC-Key. Each node will store the exact same copy of permissions.
The permissions are immutable, and take role in DSG execution.
The DSG request get's executed if and only if it fulfills the permissions policy.
Example permissions include:
- Allow
transferFromon ERC721, only for tokenXYZ - Allow for
transferFromon ERC20, but only if the amount is less thanABC
Reach out to us for designing your permissions policy!
Monitoring
We enable Grafana dashboards, Jaeger and Open Telemetry stack to monitor the health of the nodes.
Quorum Change
In Beta
Quorum change unique feature enables to dynamically reassign a new set of mpc nodes changing the original thresholds parameter t and the total number of parties n. That is an interactive protocol between old and new nodes. The protocol supports adding nodes or removing nodes dynamically. Some use cases include:
- Changing the threshold
tor the number of partiesnfor given key - Provides different charging policies for your infrastructure that a client can dynamically upgrade or downgrade
- Dynamically update L1 validators with new nodes or slash existing ones by removing them from the network
Eigen Layer
On the roadmap
The Nodes might be run by external companies (Operators) that specialize in hosting such software, and fulfill hardware requirements.
Eigen Layer allows to reward Operators when host the service, and act honestly. Also allows to slash otherwise.
Operators put a stake on Silent Network AVS contract and commit to act honestly while providing the service. Silence Laboratories provides mechanism that detects if any of them is acting dishonest. EigenLayer allows to slash Operators funds (i.e. take their stake) if such event occurs.
The slashing/rewarding mechanism brings economic security. The stake the Operators put as collateral should be big enough to discourage any dishonest behavior. Ideally, the whole network economic security should be bigger than the digital assets it secures.
User authentication
The network can verify if the request came from the User, by verifying the authentication data attached to the request.
EOA
User signs the request to the network using Externally Owned Account, for example by using the MetaMask wallet, by calling signTypedData.
Passkey
The Network supports user Passkey registration. Each node will hold the User's Passkey data. Meaning each note involved in the request will verify the user request signed by the Passkey.
Social Login
On the roadmap
With social login, Users will be able to register to the network by external services, like GMail, and authenticate the requests by providing tokens from those services.
Session keys
By default each request coming from the User must be authenticated, for example by EOA signing.
That means upon every single message signing the user is prompted to verify the request and sign. There are use-cases where number of signs is so high, that constant User interaction is highly undesired.
Therefore Silent Network brings Session Keys functionality, it's session-based authentication (with predefined expiry) that requires user interaction only during DKG. Afterward, Application can perform DSGs without any user intervention. This significantly improves user experience by eliminating repetitive transaction approval prompts.
Some use cases include:
- Currency exchange - where the operations must be done quickly and frequently
- Agent2Agent communication - passing the Session Key to the Agent allowing to do operations on Users behalf
User is still in full control of session keys, can revoke the sessions, create new ones.
Note that Session Keys together with Permissions opens a wide field of opportunities, bringing UX and the security together.
Execution in Trusted Execution Environments (TEE)
TEE, also known as Secure Enclave, it is a confidential environment where the workload executes and no one, even the user with root privileges, can read, dump, or alter the workload memory.
That means data is encrypted while in-use. Even further securing the MPC Network execution.
Silent Network currently supports:
- Bare Metal Intel's SGX, that can be used in specific cases
- Google Confidential Space.
AWS Nitro and Cloud SGX are on the roadmap.