Odsy can be a single access control layer for web3 because its dWallets can sign transactions across different chains. But this capability also raises the stakes for security. When you have dWallets that can manage assets on almost any traditional blockchain, you need to be extra careful with who gets to sign those transactions.
As the network grows and all sorts of multi-chain dApps are built using dWallets, the network could become an attractive honeypot for all kinds of bad actors. Obviously, this means that security ends up being the top priority and another essential component of the Odsy Network.
Let’s take a look at how we’ve made sure that dWallets can withstand these risks.
MPC, TSS, and DKG
The Odsy Network guarantees the security of dWallets by making both users and the network itself necessary participants of its signing mechanism. This adds another layer of security that doesn’t exist in other networks.
How does this happen? A Multi-Party Computation (MPC) protocol known as Threshold Signature Scheme (TSS). Participants in a TSS protocol generate a secret that is shared between two or more parties and lets the holders of each part of the secret use their shares in order to perform a signature.
In the Odsy Network, every time a dWallet is created, a private key is generated in a distributed manner where each of the parties generate their own secret share of that key. The key is the combination of those shares that is never revealed in its entirety to any party. This is called Distributed Key Generation (DKG) because no one is the single holder of the private key.
This means that, in order to sign a message with a dWallet, the network needs to confirm that a threshold number of secret holders, t-out-of-n, have been engaged in the process. If enough of them are present, then they are able to recreate the private key and sign the transaction jointly.
So where does that leave us in terms of security? Well, if an attacker wanted to illicitly take hold of any dWallet they would have to hack or corrupt at least two thirds of the validators of the network to recover their individual share and hack the user to recover the user share.
In a nutshell, Odsy uses a DKG mechanism to leverage the strength of the network itself to improve the security of dWallets and ensure that no one is a single point of failure.
MPC is Not Multisig
It’s important to note that MPC is not the same as multisig. In multisig systems, multiple signatures are required in order for a transaction to take place, whereas dWallets only use one signature that is recreated by multiple participants.
This is what allows dWallets to be multi-chain. While multisig solutions need to be specifically created for every blockchain network, dWallets maintain a single public-private key pair that can be easily applied to use cases across different chains with native compatibility.
When you have the capability to program Turing-complete logic for dWallets, this distinction is essential. Take a look at what this programmability means in a post where we explain wallet contracts.
Meanwhile, if you’d like to dive deeper into how the Odsy Network is secured, be sure to check out the litepaper.