Noninteractive Distributed Key Generation

The complex functionalities of the Internet Computer are powered by a secure network that implements advanced cryptography. Because of the decentralized nature of its network, certain key questions need to be addressed:

End-users of the Internet Computer and the dApps running on top it are interacting with canister smart contracts but do not directly see its advanced cryptography. The way how these canisters operate is specified in the Interface Specification. As such, the Internet Computer fosters a software ecosystem in which dApps can use each other’s APIs and communicate between each other.

Digital signatures are used by the Internet Computer to certify and authenticate outputs. Certified information is a key requirement to enable end-users and canisters to talk to other canisters.

The output of the Internet Computer is agreed on and signed by nodes running a distributed protocol. On an individual subnet, threshold signatures are used so that notes can collaboratively sign data. (To learn more about threshold signatures, see Chain Key Cryptography).

Generating, registering, and distributing new public keys whenever nodes join a subnet or are removed from it could prove to be logistically complicated. However, if a given subnet could always be referenced by using a static public key independently of the nodes comprising the subnet, the process of key management could be greatly simplified.

With the help of secret key resharing schemes, the existing set of nodes participating in the threshold signature scheme are able to transfer the ability to sign information to a new set of signers. However, existing schemes come with the limitation that they are interactive which raises issues with asynchrony.

With the help of NIDKG, old signers can reshare their secret keys to the new signers by broadcasting a single message. This is securely accomplished by using advanced cryptography, such as noninteractive zero knowledge proofs as well as encryption with forward secrecy.

Initial key generation is a key step in the process of starting a new subnet. The new key is generated by the Internet Computer using the NIDKG protocol. Once created, the initial nodes of the subnet will be given a threshold signing key. The initial set of nodes will not be involved in the process of setting up the new subnet. Instead, the IC will inform nodes they have been assigned to a new subnet. Nodes will then deduce their own, secret share of the newly generated signing key and begin running the subnet.

New nodes joining the subnet are enrolled with the help of the distributed key resharing protocol. Along the lines of the concept of proactive security, it is anticipated that nodes of a subnet will reshare the secret key among themselves. Proactive security helps to continuously refresh the signing key’s threshold shares. 

Once the new secret key shares are distributed, the old shares will be deleted to protect against attackers that have gained access to the shares of a node. The security of the threshold signing key is guaranteed as long as only the minority of shares is known at any given time.