The Internet Computer implements a novel threshold ECDSA (tECDSA) protocol to produce chain-key signatures. In this protocol, the private ECDSA key is held in a secret-shared manner by multiple parties, namely the replicas of a threshold-ECDSA-enabled subnet on the IC, and signatures are computed using those secret shares without the private key ever being reconstructed. Each replica of such a subnet holds a key share that provides no information about the key on its own, and at least one-third of the replicas are required to generate a threshold signature using their respective key shares. This allows each canister on any subnet of the Internet Computer to control a unique ECDSA key pair and request signatures.
ECDSA signatures are widely used within and outside the Blockchain ecosystem. Platforms/Ecosystems like Ethereum, Cosmos, Filecoin, or Polkadot among many others support ECDSA (on the same curve secp256k1) for signing transactions.
Furthermore, JSON Web Tokens (JWTs) support ECDSA and are widely used for authentication and authorization. More recent standards such as Verifiable Credentials which are heavily used in the Self-Sovereign Identity (SSI) ecosystem can also be used with ECDSA signatures.
Lastly, Public Key Infrastructure (PKI) based on Certificate Authorities and X.509 certificates supports ECDSA. However, the Web PKI underlying HTTPS and TLS uses another curve and is not directly compatible today.
Areas for Proposals
Novel applications and infrastructure
Integrations with other Blockchains
Chain-key signatures allow a canister to effect actions on other blockchains. The signed transactions can be submitted either using HTTPS outcalls or by introducing (incentivized) relayers.
JWT AuthZ canister
Chain-key signatures allow canisters to issue JWTs. This allows the Internet Computer to be used as an authorization server for microservices and other resource servers outside the IC.
Decentralized Certificate Authority
Chain-key signatures allow canisters to issue X.509 certificates used in Public Key Infrastructures (PKIs). Hence, a canister can serve the role of a decentralized certificate authority. An interesting project would be to investigate if a canister using chain-key signatures and HTTP outcalls, potentially using a custom gateway, could serve as an ACME server similar to Let's Encrypt.
Your unique idea
Of course, we are also excited to support you in the implementation of novel use cases that we haven't thought of.
Libraries and Tooling
Libraries to simplify the issuance of JWTs, Verifiable Credentials, and X.509 certificates in Motoko
Tutorials and well-documented Sample Applications
Tutorials in written and/or video form as well as well-documented example applications help new developers get started.
@domwoe, wanted to check whether this RFP is still open. The idea of hosting an ACME server over Internet Computer looks interesting and promising to me. Would be coming up with a proposal soon :)
How to apply?
Please submit your application at https://dfinity.org/grants
References
ecdsa_public_key and sign_with_ecdsa