matter-labs / zksync

zkSync: trustless scaling and privacy engine for Ethereum
https://zksync.io
Apache License 2.0

Multi Party Signatures and zkSync #393

Closed lauhon closed 1 year ago

lauhon commented 2 years ago

I am building an Application that relies on Multi Party Signatures for security reasons.

In short, it means that there is no single private key in memory or elsewhere. Transactions are signed over a protocol of messages between multiple parties which each hold their share of a key. This is pretty secure since no one can simply steal the private key or read it from the memory of a device or browser. (They would have to steal every party's share.)

Now, I'm interested in finding the best way of using Multi Party Signatures in combination with zkSync while keeping the same level of security.

It is easily possible to create a zk-signer from my multi-party signer by - for example in JavaScript - creating a custom signer with the same interface as ethers.signer and then using fromEthSigner to create a new zkSync Wallet. So far so good.

My concern now is that when the zk-signer is derived from my Multi Party signature, there is a new private key which is a single point that can be compromised. A bad actor could theoretically steal everything the user has already deposited into his/her zkSync account if he/she gets hold of the zk-signer private key.

So either I got the implications of using zkSync wrong or I'm going to have to lower my application's level of security to be able to use zkSync.

What would fix this is a possibility to override the sign methods of the zk-signer. Like that it would be possible to also use multi-party-signatures at the zk level.

Is something like that possible, or is there experience regarding zkSync together with multi-party signatures?

lauhon commented 2 years ago

Afterthought: In the documentation of tx_submit it says that it's possible to send an optional ethereumSignature. This ethereumSignature is something that would be signed by my Multi-Party process, which seems to solve my issue.

But the parameter is optional. What happens if it is not passed along? Is the transaction still valid?

If the transaction is invalid in that case, my issue is obsolete. If the transaction would still be accepted, it remains.

bxpana commented 2 years ago

@lauhon I'll see if I can get more information for you, but there may be a delay as our team is focused on zkSync 2.0 mainnet. I'll let you know when I have more information.

bxpana commented 1 year ago

@lauhon ethereumSignature is an additional security measure (think like 2FA) which is used to increase the overall security of an account — to send a transaction, the transaction has to be signed by both L1 and L2 private keys. This is not related to the multi-party signature.

That being said, zkSync does support N-of-N multisignatures natively. For additional info please check this repo: https://github.com/matter-labs/schnorr-musig
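To make the N-of-N idea in the reply above concrete, here is an added example (not part of the thread and not code from the schnorr-musig repository) of a toy Schnorr multisignature with MuSig-style key aggregation: every party must contribute a partial signature, and the aggregated private key is never assembled anywhere. It assumes integers modulo a Mersenne prime in place of an elliptic-curve group, and all function names and secrets are constructed for illustration.

```javascript
// Toy N-of-N Schnorr multisignature with MuSig-style key aggregation.
// Assumptions: integers mod the Mersenne prime 2^127 - 1 stand in for the
// elliptic-curve group a real scheme uses; all names here are hypothetical.
const { createHash } = require('crypto');

const P = (1n << 127n) - 1n; // prime modulus
const N = P - 1n;            // exponents are reduced mod P - 1 (Fermat)
const G = 3n;                // base element, constructed choice

function modpow(b, e, m) {
  let r = 1n;
  for (b %= m; e > 0n; e >>= 1n, b = (b * b) % m) if (e & 1n) r = (r * b) % m;
  return r;
}

// Hash any mix of strings and BigInts to an exponent.
const H = (...parts) =>
  BigInt('0x' + createHash('sha256').update(parts.join('|')).digest('hex')) % N;

// Constructed, deterministic secrets so the example is reproducible. In practice
// x is a random key share and r a fresh random nonce for every signature.
function makeParty(label) {
  const x = H('share', label);
  return { x, r: H('nonce', label), X: modpow(G, x, P) };
}

// Per-key coefficient a_i = H(all public keys, X_i).
const coeff = (pubs, Xi) => H('agg', pubs, Xi);

// Aggregated public key X = prod X_i^{a_i}; its discrete log is never assembled.
function aggregate(pubs) {
  return pubs.reduce((acc, Xi) => (acc * modpow(Xi, coeff(pubs, Xi), P)) % P, 1n);
}

// `signers` combine nonces into R, then add partial signatures r_i + c*a_i*x_i.
// (The nonce commit/reveal round of the real protocol is omitted.)
function sign(msg, signers, pubs) {
  const R = signers.reduce((acc, p) => (acc * modpow(G, p.r, P)) % P, 1n);
  const c = H('sig', aggregate(pubs), R, msg);
  const s = signers.reduce((acc, p) => (acc + p.r + c * coeff(pubs, p.X) * p.x) % N, 0n);
  return { R, s };
}

// Ordinary single-key Schnorr check: g^s == R * X^c.
function verify(msg, X, { R, s }) {
  return modpow(G, s, P) === (R * modpow(X, H('sig', X, R, msg), P)) % P;
}
```

The verifier sees one public key and one signature, while a signature produced by only a subset of the parties fails the same check.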

lauhon commented 1 year ago

Thanks for coming back with the information!