Earlier I have written a technical article explaining 0chain signature scheme. This article will be focused on presenting a overview of 0chain Wallet and the advantages and user experience for regular end users who may or may not have technical knowledge of the blockchain but are simply interested in storing their asset and performing transactions on a blockchain.

Just a decade back people used to send personal checks by signing them. With electronic payment options and bill pay services the number of paper checks have reduced significantly. But the concept of signature has not gone with the transition to digital payments. In fact, it has become more important. A physical signature protects against forgery but it’s still possible to forge with increased accuracy. But with digital signatures it is practically infeasible to do the forgery without having access to the digital keys used to create the signature. So while the transition to digital payments increased the security against forgery it is based on the assumption that the digital keys themselves have not been compromised.

Unfortunately, there are always bugs at the software or even hardware level that go unnoticed for years. People may not upgrade their operating system or browsers for several weeks or months. There is always the threat of the digital keys getting compromised resulting in the ability for someone to digitally sign on behalf of the owner of the keys. This coupled with the swiftness of the digital transactions makes it extremely challenging to protect the digital assets. Add the decentralized distributed ledger to the mix, there is no one to go to and reclaim the stolen assets.

Security vulnerabilities can be discovered anytime sometimes several years after the initial release of the software or hardware making it hard to guarantee the security of a device. Secure keys are very important for the growth of a decentralized economy where there is no central agency providing insurance to the digital assets. There are many protocols and hardware solutions to keep the keys secure.

0chain worked with security researchers and came up with a novel solution based on a security protocol that has survived more than a decade of research that analyze vulnerabilities in the protocols. This protocol, called BLS, provides the ability to split a key into two and store them separately and reconstruct the signature from partial signatures. More details can be found in the previously written technical article. As the solution is completely based on software, there is no need for purchasing any expensive hardware. Users can use their existing mobile phones and computers.

0chain enhances the overall security with various types of wallets and stake pooling mechanisms which are additional protocol layers on top of the above mentioned BLS signature scheme. These details are described below.

End user Wallets

0chain is providing beautifully designed native mobile apps for wallet transactions and store of value. The wallet app will allow a user to setup the keys with or without splitting. To use key splitting, users will also need to download a desktop app to act as a second device. A very intuitive UI will guide the user to setup the split key between the two devices. Once setup, subsequent transaction submission will require both devices to construct the signature making it secure.

Even with split key, it will be possible to recover the primary key, should the need arise, just like the traditional keys. In addition, it will also be possible to split the keys any number of times to implement advanced security options such as key rotation where a set of keys are periodically discarded. These advanced features are optional and casual users don’t have to worry about these features initially but as they become more familiar with using the blockchain and the secure wallet, and their token store of value increases, they can be assured that such advanced options are possible using the signature scheme used by 0Chain.

Service Provider Operation Wallets

All the service providers of the 0chain blockchain, such as the miners, sharders and validators will need to digitally sign their messages for the rest of the blockchain network to be assured that the message is coming from whom it is supposed to be and is not tampered. The signature scheme used for this is same as that used for the end user wallets. Split key functionality for additional security cannot be used by the service providers for the following reasons

There is no user interaction for supporting the operations of the blockchain

With a fast finality, the number of messages exchanged per second is so large that it would be impractical to add any extra steps that delay the signing process.

As a result of the above operational constraints, 0chain has decided to provide additional security for the service providers in a different manner. This is done by separating the keys used for staking and reward from the keys to sign the out going messages for supporting the blockchain operations. With this mechanism, the tokens are always controlled by a regular wallet that can use the split key scheme assuring that their stake is never compromised. This technique will also allow the ability to rotate operational keys, something that is common in traditional IT systems having advanced security.

Delegation Pool

The above separation of wallets is further generalized to support the concept of delegation which allows normal users to earn rewards by staking their tokens but without actually owning the blockchain operations as a service provider. A service provider starts a delegation pool by registering an operational wallet and staking tokens using the regular wallet and delegating the operations to the operational wallet. Similarly, any regular user can choose to invest into this delegation pool to increase the overall stake of the service provider which further enhances the chance of the service provider getting picked. The delegation pools are implemented as a smart contract and hence the owner of the delegation pool cannot withdraw tokens deposited by others or avoid paying the rewards as the rewards are automatically distributed to the participants by the smart contract. The reward distribution will be proportional to the stake of each participant.

Multi-Sig Wallet

There is no reason to split the key into only two parts. It can be extended to split it into n parts and even use threshold cryptography where only t-of-n signatures are required. Most existing multi-sig schemes rely on signing with unrelated keys to establish multi-sig. While this is possible, 0chain’s signature scheme allows creating an aggregate signature that can recover the signature of a regular client on the blockchain. This ensures that the balance transfers are done securely with the use of a verifiable signature of a client via multi-sig as if it is directly signed by the client. This type of multi-sig validation is suitable for server side wallets such as in digital exchanges where the transfer transactions are driven by automation.

Summary

In summary, 0chain has taken the end user experience of interacting with their blockchain seriously and built a ground up protocol for secure signature, paid attention to operational security risks and enabling monetization for end users without being tech savvy to operate the blockchain. All these capabilities are being built right into the wallet and the server side logic leveraging system level smart contracts.