Chain-key cryptography lets the nodes of an Internet Computer subnet jointly hold a cryptographic key in such a way that no small subset of potentially misbehaving nodes can perform useful operations with the key, while a majority of honest nodes together can. Chain-key cryptography provides several major benefits to ICP:
- Secure and efficient subnet-to-subnet communication lets ICP scale horizontally, increasing compute and memory capacity as more nodes join the Internet Computer.
- Certified responses let clients validate the information they receive from ICP nodes efficiently, without keeping any blockchain state.
- Smart contracts have access to a source of unpredictable and unbiased randomness.
- Chain-key signatures enable canister smart contracts on ICP to hold assets and invoke smart contracts on other blockchain networks.
In the future, vetKeys will additionally enable dapps to encrypt data based on encryption keys controlled by canister smart contracts.
Digital Signatures
A digital signature scheme is a classical type of public-key cryptosystem: a secret key, held only by the signer, is used to generate a digital signature on a message, and a public key, available to everyone, is used to efficiently verify a signature on a message. The basic security property of such a scheme is unforgeability: nobody can produce a valid signature on a message without running the signing algorithm with the corresponding secret key, even after seeing valid signatures on other messages.
A threshold signature scheme is a digital signature scheme in which the secret signing key is never stored in one location (which would be a single point of failure). Instead, the secret key is split into secret shares, each share is stored on a different machine, and a threshold t of the n shareholders is fixed. To sign a message, at least t of these machines must agree to sign it and coordinate with one another to produce the signature in a distributed fashion, without ever reconstructing the secret signing key in one place; fewer than t colluding machines can neither sign nor learn anything useful about the key.
Sharing Cryptographic Keys among the Nodes of a Subnet
While threshold signature schemes have been around for a long time, the Internet Computer is the first blockchain-based system to fully integrate this technology in the core of its design. Each subnet is associated with the public key of such a threshold signature scheme.
More technically, chain-key cryptography is the combination of two cryptographic protocols. The first is a distributed key generation protocol in which the nodes of a subnet together generate shares of a cryptographic key. The protocol ensures that the key itself never exists in any one place; it exists only virtually, as the value jointly determined by the shares held by all nodes. A variation of the same protocol is used to re-share the key when, for example, the membership of a subnet changes and new nodes join the protocol, so that the subnet keeps the same public key across membership changes. The second protocol is the threshold signature protocol, which the nodes run together whenever a message has to be signed.
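As an added worked example (written for this page, not code from DFINITY or the Internet Computer), the following Python models the three pieces described above: a distributed key generation in which every node deals its own polynomial and nobody ever holds the whole key, threshold signing in which partial signatures are combined with Lagrange weights so the key is only ever used "virtually", and resharing of the key to a changed node set under the same public key. The real chain-key protocols use threshold BLS signatures over a pairing-friendly curve, with complaint handling and consensus-ordered messages; this toy uses Schnorr in a small prime-order subgroup of Z_p^* so that it runs in pure Python, and every function name, node id and message below is a constructed assumption.

```python
"""Toy chain-key style threshold signing (hypothetical demo, not ICP code): DKG, threshold Schnorr
signing that never reconstructs the key, and resharing.  The 62-bit group is NOT secure; it only keeps pure-Python arithmetic fast."""
import hashlib
import secrets

_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # deterministic Miller-Rabin for n < 3.3e24

def is_prime(n):
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for b in _MR_BASES:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def find_safe_prime(start):  # smallest q >= start with q and p = 2q + 1 both prime
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = find_safe_prime(1 << 62)
G = 4  # a quadratic residue mod a safe prime, hence a generator of the order-q subgroup

def eval_poly(coeffs, x):
    """Horner evaluation over Z_q; coeffs[0] is the constant term, i.e. the shared secret."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc

def lagrange_at_zero(i, ids):
    """Weight of node i's share in f(0) when exactly the nodes in ids combine."""
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * j % Q, den * (j - i) % Q
    return num * pow(den, -1, Q) % Q

def dkg(n, t):
    """Pedersen-style DKG (complaint handling omitted): every node deals a random degree t-1
    polynomial, node i's share is the sum of what all dealers sent it, and the public key is
    the product of the dealers' commitments g^(a_k0).  Nobody ever computes the secret key."""
    polys = [[secrets.randbelow(Q) for _ in range(t)] for _ in range(n)]
    shares = {i: sum(eval_poly(f, i) for f in polys) % Q for i in range(1, n + 1)}
    pubkey = 1
    for f in polys:
        pubkey = pubkey * pow(G, f[0], P) % P
    return shares, pubkey

def _challenge(R, pubkey, msg):
    h = hashlib.sha256(f"{R}|{pubkey}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q

def threshold_sign(shares, signers, msg, pubkey):
    """Round 1: each signer picks nonce k_i and publishes R_i = g^k_i.  Round 2: each publishes
    s_i = k_i + c * lambda_i * x_i.  The summed partials are a plain Schnorr signature under g^x,
    yet x = sum(lambda_i * x_i) is never formed; each partial is checked against g^x_i, so a
    node that sends garbage is identified rather than silently breaking the signature."""
    nonces = {i: secrets.randbelow(Q) for i in signers}
    R = 1
    for i in signers:
        R = R * pow(G, nonces[i], P) % P
    c = _challenge(R, pubkey, msg)
    s = 0
    for i in signers:
        lam = lagrange_at_zero(i, signers)
        s_i = (nonces[i] + c * lam * shares[i]) % Q
        public_share = pow(G, shares[i], P)  # would be published at DKG time
        assert pow(G, s_i, P) == pow(G, nonces[i], P) * pow(public_share, c * lam, P) % P
        s = (s + s_i) % Q
    return R, s

def verify(pubkey, msg, sig):
    """Ordinary Schnorr verification; a threshold signature looks like any other."""
    R, s = sig
    return pow(G, s, P) == R * pow(pubkey, _challenge(R, pubkey, msg), P) % P

def reshare(shares, helpers, new_n, new_t):
    """Hand the key to a new membership/threshold without reconstructing it: each helper deals
    lambda_i * x_i with a fresh polynomial and new node j sums what it receives."""
    polys = {i: [lagrange_at_zero(i, helpers) * shares[i] % Q]
             + [secrets.randbelow(Q) for _ in range(new_t - 1)] for i in helpers}
    return {j: sum(eval_poly(polys[i], j) for i in helpers) % Q for j in range(1, new_n + 1)}

if __name__ == "__main__":
    shares, pk = dkg(n=4, t=3)
    msg = b"constructed sample message"
    print("3-of-4 signs:", verify(pk, msg, threshold_sign(shares, [1, 2, 4], msg, pk)))
    new_shares = reshare(shares, helpers=[1, 3, 4], new_n=5, new_t=3)
    print("new 3-of-5 set signs under the same key:", verify(pk, msg, threshold_sign(new_shares, [2, 3, 5], msg, pk)))
```

Two things are worth noticing. The verifier runs an ordinary single-key Schnorr check against the subnet public key and neither knows nor cares which nodes signed, which is precisely what makes certified responses checkable without any blockchain state; and after `reshare` a completely different set of node ids signs under the unchanged public key, which is the resharing behaviour the text describes for membership changes. The signing round is deliberately simplified: nonces are not committed before the signer set and message are fixed, so unlike FROST-style protocols it is not safe against concurrent-session attacks, and it omits the complaint handling a real DKG needs to expel a dealer who sends inconsistent shares. It demonstrates the share-combining mechanics, not a deployable protocol.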