Under the Hood

PreviousIn Depth NextUser Flows and Account Controls

Last updated 1 year ago

Was this helpful?

Under the Hood

Passport Protocol operates through a meticulously designed process that ensures the security and integrity of cryptographic key management. Here's a detailed overview of the internals:

For the full version of this chapter, check out our blog post on Passport's technical architecture

Distributed Key Generation

Passport Networks divide the creation and storage of private keys across multiple nodes. Each node in the network jointly executes a multi-party computation (MPC) protocol to a "share" of the private key, which is then stored in an encrypted database through secure enclaves. This distributed approach ensures that:

Keys are never stored in one location, reducing single points of failure.
No one, not even the node operator has the access to the key share in any process.
The network offers strong fault tolerance and resilience.

By distributing key generation in this manner, Passport eliminates single points of failure and enhances privacy, as no single entity has access to the complete private key.

Secure Key Storage

The shares of the private key are encrypted and stored across various nodes. Thanks to secure enclaves' hardware-based security, node operators can't see the key segments. Strong encryption allows only authorized reconstruction of key segments for signing, protecting them against unauthorized access.

Programmability Through Scopes

Passport uses "scopes" to define authentication and permission levels for keys, giving developers the ability to customize these according to their needs. This flexibility empowers developers to:

Customize with different account controls and authentication rules:
- user-controlled - require only user signature
- developer-controlled - require only developer signature
- hybrid account (multi-sig) - require both user and developer signature
Offer custom recovery options.

Performance and Scalability

High performance with the lowest latency possible in Multi-Party Computation Threshold Signature Schemes (MPC-TSS).
Robustness by avoiding the computationally-intensive Paillier operations commonly found in traditional MPC solutions.

Transaction Signing

Upon successful authentication, clients can request transaction signatures from Passport. The appropriate private key share is temporarily reconstructed from encrypted shares to generate signature shares for the requested transaction. Signing permissions are configured on a per-scope basis, allowing for granular control over signing capabilities. Certain scopes may permit scheduled, automated signing processes, while others require explicit user approval, depending on the application's security requirements and user preferences.

Programmatic Signing

With the entire key managed by the network, transactions can be executed programmatically based on set conditions, like performing an auto-swap when ETH hits a certain price.

Recovery and Revocation

Passport offers flexible recovery mechanisms, including backup codes for self-serve account recovery, social login options for passwordless recovery, and revocation procedures in the event of key compromise. Automated key rotation processes further enhance security by periodically refreshing cryptographic keys to mitigate the risk of prolonged exposure. These recovery and revocation flows are designed to uphold strong security guarantees through the use of MPC and threshold cryptography, ensuring the integrity and confidentiality of cryptographic operations in Passport Protocol.