Skip to main content

Threshold ECDSA: chain-key signatures



The Internet Computer implements a novel threshold ECDSA protocol as part of its chain-key signatures suite. In this protocol, the private ECDSA key exists only as secret shares held by nodes. Secret shares are shards of the ECDSA private key. Signatures are computed using those secret shares without the private key ever being reconstructed. Each replica of such subnet holds a key share that provides no information on its own. More than one third of the nodes are required to generate a threshold signature using their respective key shares.

Besides the actual threshold signing protocol, chain-key ECDSA also comprises of protocols for secure, distributed key generation and periodic key resharing. Distributed key generation enables the nodes on a subnet to collaboratively generate keys, while periodic key resharing allows for ECDSA keys to be re-shared within the subnet. This makes chain-key ECDSA signatures much more powerful than any off-the-shelf threshold ECDSA protocol.

Each canister on a subnet has control over a unique ECDSA public key and can request signatures for this public key. Canisters do not have access to their private ECDSA keys. They can only request signatures. This is because the private key is never stored in a single place.

Threshold ECDSA enables many important use cases:

  • Canisters natively holding bitcoin.

  • Integration with Ethereum and other EVM chains, such as getting ERC-20 tokens onto ICP and signing Ethereum transactions.

  • Integrations with other blockchains that use ECDSA as signature scheme for signing transactions.

  • Realizing a decentralized certification authority (CA), where certificates are issued using threshold ECDSA.

Signing transactions

Threshold ECDSA can be used by making calls to the Threshold ECDSA API.

Learn how to use Threshold ECDSA to sign transactions.