Under the Hood
Last updated
Last updated
Passport Protocol operates through a meticulously designed process that ensures the security and integrity of cryptographic key management. Here's a detailed overview of the internals:
For the full version of this chapter, check out our blog post on Passport's technical architecture here
Passport Networks divide the creation and storage of private keys across multiple nodes. Each node in the network jointly executes a multi-party computation (MPC) protocol to a "share" of the private key, which is then stored in an encrypted database through secure enclaves. This distributed approach ensures that:
Keys are never stored in one location, reducing single points of failure.
No one, not even the node operator has the access to the key share in any process.
The network offers strong fault tolerance and resilience.
By distributing key generation in this manner, Passport eliminates single points of failure and enhances privacy, as no single entity has access to the complete private key.
The shares of the private key are encrypted and stored across various nodes. Thanks to secure enclaves' hardware-based security, node operators can't see the key segments. Strong encryption allows only authorized reconstruction of key segments for signing, protecting them against unauthorized access.
Passport uses "scopes" to define authentication and permission levels for keys, giving developers the ability to customize these according to their needs. This flexibility empowers developers to:
Customize with different account controls and authentication rules:
user-controlled - require only user signature
developer-controlled - require only developer signature
hybrid account (multi-sig) - require both user and developer signature
Offer custom recovery options.
Passport Network targets sub-second performance for processing any user actions. It employs peer-reviewed algorithms and audited implementations. Specifically, it uses DKLS23 for threshold signatures. This algorithm offers:
High performance with the lowest latency possible in Multi-Party Computation Threshold Signature Schemes (MPC-TSS).
Robustness by avoiding the computationally-intensive Paillier operations commonly found in traditional MPC solutions.
Upon successful authentication, clients can request transaction signatures from Passport. The appropriate private key share is temporarily reconstructed from encrypted shares to generate signature shares for the requested transaction. Signing permissions are configured on a per-scope basis, allowing for granular control over signing capabilities. Certain scopes may permit scheduled, automated signing processes, while others require explicit user approval, depending on the application's security requirements and user preferences.
With the entire key managed by the network, transactions can be executed programmatically based on set conditions, like performing an auto-swap when ETH hits a certain price.
Passport offers flexible recovery mechanisms, including backup codes for self-serve account recovery, social login options for passwordless recovery, and revocation procedures in the event of key compromise. Automated key rotation processes further enhance security by periodically refreshing cryptographic keys to mitigate the risk of prolonged exposure. These recovery and revocation flows are designed to uphold strong security guarantees through the use of MPC and threshold cryptography, ensuring the integrity and confidentiality of cryptographic operations in Passport Protocol.