Digital Signature Generation
Last updated
Was this helpful?
Last updated
Was this helpful?
Keys are required for generating a digital signature, which is the basis of any blockchain solution. If a user makes a transaction and provides a valid signature, the network can verify the signature and make sure it was created by the person who knows the key, since it is mathematically impossible to create a signature without knowing the key. The most important thing for any user of blockchain solutions is to keep the key secret, since if the key is known to another user, the network will accept messages signed by this user as messages from the key owner.
Distributed keys work according to the same general principle, but have an advantage, since to compromise them, you must access several devices storing the key components at once. For example, if your simple key is stored on your phone, then stealing your phone will lead to stealing your key too. If your key is divided into components and stored on different devices, e.g. on your phone and computer, then losing one of your devices will not lead to losing control over the key.
Keys can be divided in different ways, the simplest and most logical way is to represent the key as a string and divide it into equal parts. For example, we can divide the key into two parts and save the left one on the computer, and the right one on the phone. In this case, having a convenient way of transferring part of the key (without saving it) at the time of creating the signature, we will implement the basic separation principle. The moment of combining the components is a weak (vulnerable) point, since the secret is disclosed at this moment. Obviously, if an attacker gains access to the key components at the moment they are combined, then it will be easy for him/her to obtain the complete key and start acting as the key owner on the network.
Distributed keys without disclosure do not need to be transmitted over the network at the time of signing. To put it simply, we can say that each component generates a part of the signature locally. Parts of the signature, as well as the entire signature, are public and not sensitive to disclosure, so you don’t need to worry about maintaining confidentiality when sending them.
In this scenario, we can be absolutely sure that the key is completely safe as long as we retain control over at least one of the components. But in case you lose one of the components necessary for generating a signature, you need to be able to restore access to your funds.
