The zrSign Protocol

Introduction

The zrSign protocol is a smart contract designed to provide key and signature services on various EVM blockchains. Zenrock's dMPC will periodically query the zrSign smart contracts for pending requests and return the responses to the smart contract. Stored in the smart contract, the public keys can be used like an externally owned account across the entire EVM ecosystem. zrSign specifies three different endpoints that allow you to request signatures for arbitrary data (zrSignData), blinded hashes (zrSignHash), and transactions (zrSignTx), including a relayer service.

The protocol is implemented as a set of smart contracts that can receive requests and the dMPC's responses. A proxy smart contract allows for upgrading zrSign and the addition of new features.

How does the zrSign protocol compare to existing on-chain key management services?

To understand how the zrSign protocol differs from existing on-chain key management services, it is helpful to differentiate between multisig wallets and dMPCs.

Multisig Wallets

A multisig wallet is a type of cryptocurrency wallet requiring multiple signatures from different parties for transactions. It's set up with several private keys distributed among individuals or entities, with a predetermined number needed to authorize transactions. Users create transactions and send them to the wallet, which verifies and collects the required signatures from authorized signers. Once enough signatures are gathered, the wallet combines them to execute the transaction securely.

These wallets are commonly used in scenarios where multiple parties need joint control over funds, enhancing security by requiring consensus before transactions. They're ideal for businesses, organizations, or partnerships seeking to mitigate risks associated with unauthorized access or fraud.

The most popular example of this type is Gnosis, a digital wallet designed for managing cryptocurrencies and digital assets through multi-signature.

Shamir's Secret Sharing Scheme

Shamir's Secret Sharing is a cryptographic scheme that divides sensitive data like private keys into parts. Users can define the total number of parts, and a specific subset of parts required to recreate the whole.

Unlike MPC TSS, where signing is truly distributed and each signer directly signs the transaction, in SSSS the shares need to be reassembled on a single machine, or by a single trusted actor. This introduces a single point of failure.

Multi-Party Computation

Multi-Party Computation (dMPC) is a cryptographic protocol that allows multiple parties to jointly compute a function over their inputs while keeping those inputs private. It ensures that no single party can learn the inputs of others, and the output is revealed only to authorized participants. dMPC achieves this by distributing the computation among the participating parties, with each party holding a share of the data and contributing to the final result.

In dMPC, each party privately inputs their data into the protocol, which then orchestrates the computation across all participants. Through secure computation techniques such as secret sharing and cryptographic protocols like secure multiparty computation (MPC), dMPC ensures that the computation is performed without any party revealing its private data to others. Once the computation is complete, the output is revealed to the authorized parties without exposing any individual inputs, maintaining privacy and confidentiality throughout the process.

In the context of digital assets, MPC can be used to replace individual private keys for the signing of transactions. MPC distributes the signing process between multiple computers. Each computer possesses a piece of private data representing a share of the key, and together they cooperate to sign transactions in a distributed way.

Zenrock implements dMPC and makes it accessible through the zrSign smart contract.