Applied Crypto: Introducing Noninteractive Distributed Key Generation
NIDKG applies advanced cryptography, including encryption with forward secrecy and noninteractive zero-knowledge proofs.
By Jens Groth, Team Lead, Research | DFINITY
The Internet Computer, a revolutionary blockchain computer created by a network of independent data centers running an advanced decentralized protocol, enables developers, organizations, and entrepreneurs to build and deploy secure applications and autonomous software programs. Unlike typical cloud-based or distributed architectures, which operate on proprietary infrastructure or a specific hosting service, the Internet Computer blockchain enables software and services to run directly on the open internet. The decentralized Internet Computer Protocol (ICP) creates this secure network by implementing advanced cryptography.
In a decentralized, distributed system, various questions arise. At the peer-to-peer level, how can artifacts be disseminated between nodes in a hostile open environment? How can this be done most efficiently? What is the most appropriate network topology? Moving up the stack, there is the consensus protocol, where the main issue is to ensure that the correct transactions are verified and processed in the correct order in the absence of a central authority.
For the DFINITY Foundation, there is no distinction between research and development and the blockchain we create. Our R&D team members regularly implement new technologies and see their ideas applied to practical use. A good example of this at the cryptographic level is the Internet Computer's noninteractive distributed key generation (NIDKG) protocol, the foundation's first release of novel core cryptography.
Introducing Noninteractive DKG
The end user of an application or service running on the Internet Computer interacts with canister smart contracts and does not directly see the advanced cryptography used to build the blockchain. The Internet Computer defines a simple and clean interface specifying how canisters operate, which enables a software ecosystem in which different apps can communicate and use each other's APIs.
Digging a little deeper reveals the use of digital signatures, through which the Internet Computer certifies and authenticates its outputs. Digital signatures date from the dawn of modern cryptography, appearing in the pioneering works of Diffie and Hellman and of RSA in the late 1970s.
End users, and canisters talking to other canisters, need information to be certified. On the Internet Computer, though, canisters are hosted on subnets, each run by a collection of nodes around the globe. So the nodes need to run a distributed protocol to agree on and sign the Internet Computer's output. Threshold signatures enable the nodes of a subnet to sign data collaboratively: if enough nodes cooperate, they can produce a signature, whereas a few malicious nodes, fewer than the threshold, cannot deviate and sign unauthorized messages on their own.
So far, so good, but there is a twist. On the Internet Computer, the set of nodes running a subnet evolves. Nodes may join and leave their respective subnets. Depending on the demands and requirements of the network, the desired security level, available capacity at data centers, random hardware failures, and so on, the set of nodes running a subnet changes over time, which means the group of threshold signers evolves over time.
The impact of this is that continuing to generate, register, and distribute new public keys with nodes in flux within a subnet would be logistically complicated. As an alternative solution, key management is greatly simplified if the same subnet can always be referenced by a static public key, even as the nodes comprising the subnet are in flux.
Fortunately, public key preservation has a cryptographic solution: secret keys can be reshared. With a secret key resharing scheme, the set of signers participating in the threshold signature scheme can transfer the ability to threshold sign to another set of signers without changing the public key. Existing key resharing schemes have many benefits, but they come with a limitation: they are interactive, which raises issues under asynchrony. If a message from a node is missing, it is unclear whether the message is merely delayed or whether the node has crashed or been compromised.
The DFINITY R&D team has invented a new noninteractive key resharing protocol. Each of the old signers only needs to broadcast a single message to the new signers. To make this secure, many concepts from advanced cryptography are used, including encryption with forward secrecy and noninteractive zero-knowledge proofs. Because it is noninteractive, the key resharing protocol is ideal for an asynchronous environment, and its benefits include key preservation: throughout the lifetime of a subnet, it is known by a single public key, and the other parties on the Internet Computer do not need to keep track of changing public keys.
Looking at the different phases of key management of a subnet, the protocol first applies to initial key generation. The Internet Computer can use the NIDKG protocol to start a new subnet and give the initial nodes a threshold signing key without the initial nodes being involved in the setup process. The nodes simply learn that they have been assigned to a subnet, derive their secret share of the signing key, and start running the subnet.
While the subnet is running, the distributed key resharing protocol is used to enroll newly joining nodes. No lengthy enrollment process is needed, as the subnet simply leaves encrypted key material for the joining nodes.
What is expected to happen most frequently is for a set of nodes to reshare the secret key to themselves, which may sound counterintuitive since the nodes already hold the threshold signing key. The reason comes from the concept of proactive security.
The problem is that nodes may be compromised over time. Imagine a subnet run by the same nodes for a long period, giving an attacker a window of time in which to somehow learn a node's threshold share of the signing key. Proactive security offers a solution by periodically refreshing the threshold shares of the signing key: the nodes reshare the secret to obtain a new threshold secret sharing of the same signing key. Afterwards, they delete their old shares. Even if an attacker learns some shares from every single node over time, as long as the attacker never holds a threshold of shares from any single epoch, the threshold signing key remains secure, because shares from different epochs do not combine.
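To make the threshold, resharing, and proactive-refresh ideas of the preceding paragraphs concrete, here is an added Python illustration; it is not DFINITY's NIDKG code. It uses plain Shamir secret sharing over a small prime field instead of a BLS signing key, sends the resharing messages in the clear instead of under forward-secure encryption, and omits the zero-knowledge proofs, so it assumes every dealer is honest. The prime, the node identifiers, and the thresholds are arbitrary choices. What it does show is the core algebra: any threshold of shares reconstructs the key; each old signer's single broadcast dealing lets a new committee, even one of a different size, derive shares of the same key, so the public key stays static; and after a proactive refresh the old and new shares no longer combine.

```python
"""Added illustration, not DFINITY's NIDKG: Shamir threshold sharing,
non-interactive resharing to a new signer set, and proactive refresh.

Simplifications (assumptions of this toy): plain prime-field secret instead
of a BLS key, dealings sent in the clear instead of forward-secure encrypted,
no NIZK proofs, so every dealer is trusted to be honest.
"""
import secrets

P = 2**127 - 1  # assumed toy field; real systems use the curve's scalar field


def eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[k] * x**k) mod P (coeffs ascending)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(secret, threshold, node_ids):
    """Deal a random degree-(threshold-1) polynomial with constant term
    `secret`; returns {node_id: share}. Any `threshold` shares recover it."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return {i: eval_poly(coeffs, i) for i in node_ids}


def lagrange_at_zero(xs):
    """Coefficients lambda_i with f(0) = sum lambda_i * f(x_i)."""
    out = {}
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        out[i] = num * pow(den, -1, P) % P
    return out


def reconstruct(shares):
    """Combine at least `threshold` shares ({id: share}) into f(0)."""
    lam = lagrange_at_zero(list(shares))
    return sum(lam[i] * s for i, s in shares.items()) % P


def reshare(old_shares, new_threshold, new_node_ids):
    """Non-interactive resharing. Each old signer i broadcasts ONE message:
    a fresh Shamir sharing of its own share s_i to the new committee. New
    node j combines the sub-shares addressed to it using the Lagrange
    coefficients of the old signers. The result is a share of the SAME
    secret under a new, independent polynomial, so the public key is
    unchanged while old and new committees may differ in size/threshold."""
    lam = lagrange_at_zero(list(old_shares))
    dealings = {i: share(s_i, new_threshold, new_node_ids)   # broadcast msgs
                for i, s_i in old_shares.items()}
    return {j: sum(lam[i] * dealings[i][j] for i in old_shares) % P
            for j in new_node_ids}


def demo(key=123456789):
    """Walk one subnet through three epochs; returns True if all checks hold."""
    # Epoch 1: 4 nodes, threshold 3. Three cooperating nodes recover the key.
    e1 = share(key, 3, [1, 2, 3, 4])
    ok = reconstruct({i: e1[i] for i in (1, 3, 4)}) == key
    # Epoch 2: nodes 1 and 2 leave, 5..7 join. Only a threshold of old
    # signers (2, 3, 4) need to broadcast a dealing; the key is preserved.
    e2 = reshare({i: e1[i] for i in (2, 3, 4)}, 3, [3, 4, 5, 6, 7])
    ok &= reconstruct({i: e2[i] for i in (5, 6, 7)}) == key
    # Epoch 3: proactive refresh, same membership reshares to itself, then
    # every node deletes its epoch-2 share.
    e3 = reshare({i: e2[i] for i in (3, 5, 6)}, 3, [3, 4, 5, 6, 7])
    ok &= reconstruct({i: e3[i] for i in (3, 4, 7)}) == key
    # An attacker with two epoch-2 shares and one epoch-3 share holds three
    # shares in total but never a threshold from one epoch; mixing them
    # yields garbage rather than the key.
    ok &= reconstruct({3: e2[3], 4: e2[4], 5: e3[5]}) != key
    return ok


if __name__ == "__main__":
    print("all checks passed:", demo())
```

The Lagrange coefficients of the old signers are what make the resharing work: a new node's share is h(j) for h(x) = sum over i of lambda_i * g_i(x), whose constant term is the original key while its remaining coefficients are fresh randomness contributed by the dealers. In NIDKG the same linear combination is applied to material that arrives in forward-secure encrypted dealings accompanied by noninteractive zero-knowledge proofs; checking those proofs is the part this toy deliberately skips.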
NIDKG is one of many innovations DFINITY's R&D team has spearheaded in pursuit of the Internet Computer's grand vision to renew the creative capacity of the web, a vision that is steadily becoming a public reality. We look forward to welcoming developers to explore the capabilities of the network and create the apps and services of the future.
Join our developer community and start building at forum.dfinity.org.