MPC enhances Ed25519: Improving the signature security of DApps and Wallets


The Application of Ed25519 in MPC: Providing Secure Signatures for DApps and Wallets

In recent years, Ed25519 has become a widely popular cryptographic technology in the Web3 ecosystem. Many popular blockchains such as Solana, Near, and Aptos have adopted this technology, favored for its efficiency and strong cryptographic capabilities. However, true multiparty computation (MPC) solutions have not yet been fully popularized on these platforms.

This means that, despite the continuous advancement of cryptographic technology, wallets based on Ed25519 generally lack multi-party security mechanisms, making it difficult to effectively reduce the risks associated with a single private key. Without the adoption of MPC technology, these wallets will continue to face the same core security vulnerabilities as traditional wallets, leaving room for improvement in the protection of digital assets.

Recently, a project in the Solana ecosystem launched a mobile-friendly trading suite that combines powerful trading features with social login and token creation experiences. This innovative attempt reflects the market's demand for safer and more convenient Web3 interaction methods.

Introducing Ed25519 in the MPC of Web3Auth: Providing secure signatures for DApp and Wallet

The Current State of Ed25519 Wallets

The traditional Ed25519 Wallet system has some obvious weaknesses. Typically, these Wallets generate private keys from mnemonic phrases and then use those private keys to sign transactions. However, this model is vulnerable to social engineering, phishing websites, and malware. Since the private key is the only way to access the Wallet, once that key is compromised or lost, recovering or protecting the assets becomes extremely difficult.

In contrast, MPC technology has brought revolutionary changes to wallet security. MPC wallets do not store private keys in a single location, but rather split them into multiple parts and store them in a distributed manner. When a transaction needs to be signed, these key fragments generate partial signatures, which are then combined into a final signature through a Threshold Signature Scheme (TSS).

Since the private key is never fully exposed on the frontend, the MPC Wallet can effectively prevent social engineering, malware, and injection attacks, greatly enhancing the security of the wallet.


Ed25519 Curve and EdDSA

Ed25519 is the twisted Edwards form of Curve25519, optimized specifically for double-base scalar multiplication, which is the key operation in EdDSA signature verification. Compared to other elliptic curves, Ed25519 is popular because of its shorter keys and signatures and its faster signing and verification, while maintaining a high level of security. Ed25519 works with a 32-byte seed (the private key) and a 32-byte public key, and produces 64-byte signatures.

In Ed25519, the seed is hashed using the SHA-512 algorithm. The first 32 bytes of this hash value are extracted to create a private scalar, which is then multiplied by the fixed elliptic point G on the Ed25519 curve to generate the public key.

This relationship can be expressed as: Public Key = G × k

where k represents the private scalar and G is the base point of the Ed25519 curve.


Introducing Ed25519 Support in MPC

Some new Web3 security solutions take a different approach: they generate the private scalar directly instead of deriving it from a hashed seed. The corresponding public key is computed from that scalar, and threshold signatures are produced with the FROST protocol.

FROST lets the holders of the private key shares sign independently and combine their outputs into one final signature. During signing, each participant generates a random nonce and publishes a commitment to it, which is shared with all other participants. Once the commitments have been exchanged, each participant produces its partial signature on its own, and the partial signatures are aggregated into the final TSS signature.

This approach uses FROST to produce valid threshold signatures with minimal communication. It supports flexible thresholds, and after the commitment phase participants need no further interaction to finish signing. On the security side, it is secure against forgery, places no limit on how many signing sessions may run concurrently, and aborts the session if a participant misbehaves.
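The single-key derivation from the curve section and the FROST flow just described, as one constructed Python example added here (not Web3Auth's or any project's code): a seed becomes a public key the standard way, then a directly generated scalar is Shamir-split 2-of-3 and the signers produce one FROST signature that an ordinary Ed25519 verifier accepts. It assumes a textbook affine curve implementation, honest signers with small integer indices, and an in-memory exchange of commitments in place of a network round.

```python
import hashlib, math, secrets
q = 2**255 - 19                                      # field prime
L = 2**252 + 27742317777372353535851937790883648493  # order of the base point
d = (-121665 * pow(121666, -1, q)) % q               # curve constant
I = pow(2, (q - 1) // 4, q)                          # a square root of -1 mod q
def add(P, Q):                # affine twisted-Edwards point addition
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * pow(1 + t, -1, q) % q,
            (y1 * y2 + x1 * x2) * pow(1 - t, -1, q) % q)
def mul(P, e):                # double-and-add scalar multiplication e*P
    R = (0, 1)
    while e:
        if e & 1: R = add(R, P)
        P, e = add(P, P), e >> 1
    return R
def xrecover(y):              # even x with -x^2 + y^2 = 1 + d*x^2*y^2
    xx = (y * y - 1) * pow(d * y * y + 1, -1, q) % q
    x = pow(xx, (q + 3) // 8, q)
    if (x * x - xx) % q: x = x * I % q
    return q - x if x & 1 else x
Gy = 4 * pow(5, -1, q) % q
G = (xrecover(Gy), Gy)        # Ed25519 base point
def enc(P):                   # 32-byte encoding: y with the parity of x as top bit
    return (P[1] | (P[0] & 1) << 255).to_bytes(32, "little")
def H(*parts):                # SHA-512, read little-endian, reduced mod L
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little") % L

def key_from_seed(seed):      # single-key path from the article: SHA-512(seed), clamp
    k = int.from_bytes(hashlib.sha512(seed).digest()[:32], "little")
    return k & ((1 << 254) - 8) | (1 << 254)   # public key is then mul(G, k)
def shamir_split(k, n, t):    # t-of-n shares f(1..n) of a random polynomial, f(0) = k
    coef = [k] + [secrets.randbelow(L) for _ in range(t - 1)]
    return {i: sum(c * i**j for j, c in enumerate(coef)) % L for i in range(1, n + 1)}
def lagrange(i, S):           # coefficient so that sum(lagrange(i,S)*f(i)) == f(0)
    return math.prod(j * pow((j - i) % L, -1, L) for j in S if j != i) % L

def frost_sign(shares, S, A, msg):   # signers S, their shares, group key point A
    nonce = {i: (secrets.randbelow(L), secrets.randbelow(L)) for i in S}  # (d_i, e_i)
    comm = {i: (mul(G, di), mul(G, ei)) for i, (di, ei) in nonce.items()}  # round 1
    blob = b"".join(enc(D) + enc(E) for _, (D, E) in sorted(comm.items()))
    rho = {i: H(bytes([i]), msg, blob) for i in S}   # binding factor ties nonce to session
    R = (0, 1)
    for i in S: R = add(R, add(comm[i][0], mul(comm[i][1], rho[i])))
    c = H(enc(R), enc(A), msg)       # the challenge a normal Ed25519 verifier recomputes
    return R, sum(nonce[i][0] + nonce[i][1] * rho[i] + lagrange(i, S) * shares[i] * c
                  for i in S) % L    # round 2: each summand is one party's partial signature
def verify(A, msg, R, z):     # plain Ed25519 equation: z*G == R + H(R,A,msg)*A
    return mul(G, z) == add(R, mul(A, H(enc(R), enc(A), msg)))
```

The 64-byte signature a standard verifier accepts is enc(R) followed by z as 32 little-endian bytes. Dropping the binding factor rho collapses the scheme into the two-round variant that is unsafe under concurrent signing sessions, which is exactly why FROST keeps it.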


Using Ed25519 Curve in MPC

For developers building DApps and Wallets using the Ed25519 curve, the introduction of Ed25519 support is a significant advancement. This new feature provides new opportunities for building DApps and Wallets with MPC functionality on popular chains such as Solana, Algorand, Near, and Polkadot.

Ed25519 now also receives native support from some Web3 security solutions, which means that non-MPC SDKs based on Shamir Secret Sharing can directly use Ed25519 private keys in all Web3 solutions (including mobile, gaming, and Web SDKs).

Conclusion

In summary, introducing EdDSA signature support in MPC provides enhanced security for DApps and Wallets. Because true MPC never exposes the private key on the front end, the risk of attacks is significantly reduced. Alongside this security, it also offers seamless, user-friendly login and more efficient account recovery options.

This technological advancement not only enhances the security of Web3 applications but also provides developers with more possibilities to build innovative solutions, contributing to the overall progress of the Web3 ecosystem.

Comments

DaisyUnicornvip · 08-12 00:23
Well~ is this another little Wallet wanting to become a security lord?

pumpamentalistvip · 08-11 00:59
Tea eggs are not considered safe at all.

OneBlockAtATimevip · 08-11 00:52
MPC yyds

GateUser-9ad11037vip · 08-11 00:50
It's good that the transfer error didn't result in theft.

CryptoPhoenixvip · 08-11 00:47
If I lose, I'll just get back up again; I'm used to it anyway.

MemeCoinSavantvip · 08-11 00:39
bullish af on mpc tbh