dfinity · ninegua · Apr 12, 2022 · Jan 25, 2022 · Jan 25, 2022 · Feb 4, 2022
@@ -44,6 +44,18 @@ service ic : {
   deposit_cycles : (record {canister_id : canister_id}) -> ();
   raw_rand : () -> (blob);
 
+  // Threshold ECDSA signature
+  get_ecdsa_public_key : (record {
+    canister_id : opt canister_id;
+    derivation_path : vec blob;
+    key_id : text;
+  }) -> (record { public_key : blob; chain_code : blob; });
+  sign_with_ecdsa : (record {
+    message_hash : blob;
+    derivation_path : vec blob;
+    key_id : text;
+  }) -> (blob);
+
   // provisional interfaces for the pre-ledger world
   provisional_create_canister_with_cycles : (record {
     amount: opt nat;

@@ -1654,6 +1654,28 @@ There is no restriction on who can invoke this method.
 
 This method takes no input and returns 32 pseudo-random bytes to the caller. The return value is unknown to any part of the IC at time of the submission of this call. A new return value is generated for each call to this method.
 
+[#ic-get_ecdsa_public_key]
+=== IC method `get_ecdsa_public_key`
+
+This method returns the threshold ECDSA public key for the given canister using the given derivation path. If the `canister_id` is unspecified, it will default to the canister id of the caller.
+The `derivation_path` is a vector of variable length byte strings.
+For https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki[BIP-0032] compatibility, each byte string (`blob`) must be a 4-byte big-endian encoding of an unsigned integer less than 2^31^ (non-hardened).
+The only supported `key_id` value at the moment is `"secp256k1"`.
+
+The return result also contains a `chain_code` which can be used for key derivation purpose if needed.
+
+This call requires that the ECDSA feature is enabled and working properly, and the `canister_id` meets the requirement of a canister id.
+Otherwise it will be rejected.
+
+[#ic-sign_with_ecdsa]
+=== IC method `sign_with_ecdsa`
+
+This method returns a new threshold ECDSA signature of the given `message_hash` that can be separately verified against a derived ECDSA public key.
+This public key can be obtained by calling `get_ecdsa_public_key` with the caller's `canister_id`, and the same `derivation_path` and `key_id` used here.
+
+This call requires that the ECDSA feature is enabled and working properly, the caller is a canister, and `message_hash` is of 32-bytes long.
+Otherwise it will be rejected.
+
 [#ic-provisional_create_canister_with_cycles]
 === IC method `provisional_create_canister_with_cycles`