How Kima Controls Liquidity Pools on its Platform Part 1: Threshold Signatures
At Kima, we aim to empower the Web3 world by expanding interoperability possibilities without causing liquidity fragmentation.
Our previous article explored how the Kima platform overcomes Web3’s fragmentation problem without asset wrapping and how we manage liquidity on the platform.
Next, let’s dive into the security aspects of liquidity pool management. In this series of articles, we’ll show how the Kima protocol controls its liquidity pools through its two highly secure mechanisms – Threshold Signatures and Trusted Executed Environments.
What are Threshold Signatures?
Kima wardens control the asset pools on the destination chain using Threshold Signature Schemes, and security is further strengthened by running the wardens inside Trusted Execution Environments.
Threshold Signature Schemes (TSSs) – a security method that replaces the commonly used KeyGen and Sign algorithms – allow a group of participants called cosigners to securely generate and control a secret signing key for a digital signature scheme. In other words, with TSSs, a group of participants, each holding a key “share,” work collaboratively to sign a single message.
The resulting signature is indistinguishable from that generated from using a single key. With multisigs, multiple signatures are aggregated by a smart contract before the contract takes any action.
A TSS consists of two protocols: the Distributed Key Generation and the Distributed Signature Generation. The Distributed Key Generation protocol creates private “key shares,” where each participant holds a single share and a public verification key for a digital signature algorithm, either ECDSA or ED25519.
The Distributed Signature protocol uses each participant’s key share and a public message. It creates a digital signature on the message that will verify using the verification key created during the key generation protocol.
Currently, Threshold Signature Schemes exist for ECDSA and ED25519. In addition, professionally audited, open-source TSS libraries are available from Axelar, ZenGo, ING bank, Binance, Thorchain, Ren, and Coinbase. Collectively, these TSS implementations are currently used to custody billions of dollars in tokens across multiple blockchains.
How is Security Implemented through the Threshold Signatures?
The “threshold” property comes from the guarantee that there is a fixed threshold (e.g., t-out-of-n) so that an adversary who corrupts up to t participants in the protocol (and learns their private key shares) learns nothing about the underlying secret key.
We can extend Threshold Signature protocols to arbitrary authority structures. For instance, there could be a set of n_1 highly-trusted signers (e.g., signers that have undergone KYC and have a real-world reputation at stake) and a larger set of n_2 anonymous signers that are dynamically chosen via on-chain staking. The TSS could then be built so that it needs both t_1+1 public signers and t_2+1 anonymous signers to participate for a statement to be signed. This way, an adversary who attempts to corrupt the system learns nothing of the underlying secret key and cannot forge signatures.
Furthermore, TSS protocols can use Proactive Secret Sharing to periodically re-randomize the secret key shares. Suppose an adversary compromises a few wardens and learns a few shares of the secret key before re-randomization. In that case, this knowledge will not help it learn the secret key shares after re-randomization is completed. Essentially, each re-randomization causes the adversary to restart from zero in its efforts to learn secret shares. Thus, as long as the adversary isn’t able to learn the entire secret key between any pair of re-randomizations, it will never know the secret key or be able to make new signatures.
Proactive Secret Sharing significantly increases the system’s security, protecting against an adversary who can compromise some nodes but is never able to compromise above a certain amount within a specific time window.
Although attacks are common in the DeFi space, no reported attacks have exploited a Threshold Signature Scheme. We are proud to offer this comprehensive security option to protect assets and keep them as secure as possible.
Stay up to date with Kima by signing up for our newsletter here.