Ed25519 MPC Breakthrough: Creating a More Secure Signature Scheme for DApps and Wallets


In recent years, Ed25519 has become an important component of the Web3 ecosystem. Although popular blockchains such as Solana, Near, and Aptos have widely adopted this efficient, high-security signature algorithm, true MPC (Multi-Party Computation) solutions have not yet fully proliferated on these platforms.

This situation means that, even with the continuous advancement of cryptographic technology, wallets using Ed25519 typically lack multi-party security mechanisms to eliminate the risks associated with a single private key. Ed25519 wallets without MPC support still have the same core security vulnerabilities as traditional wallets, leaving significant room for improvement in protecting digital assets.

Recently, a project in the Solana ecosystem launched a mobile-friendly trading suite called Ape Pro. This suite combines powerful trading features with mobile usability and social login capabilities, while also providing a token creation experience.

Introducing Ed25519 in Web3Auth's MPC: Providing secure signatures for DApps and Wallets

The Current State of Ed25519 Wallets

Before delving deeper, we need to understand the weaknesses present in today's Ed25519 wallets. Typically, a wallet uses a mnemonic phrase to generate a private key, which is then used to sign transactions. Such traditional wallets are highly susceptible to social engineering, phishing sites, and malware. Since the private key is the only way to access the wallet, it is difficult to recover or protect the funds once that key is compromised.

This is where MPC technology comes into play. Unlike traditional wallets, MPC wallets do not store private keys in a single location. Instead, they split the keys into multiple parts and distribute them across different locations. When a transaction needs to be signed, these key parts generate partial signatures, which are then combined using a Threshold Signature Scheme (TSS) to create the final signature.

Since the private key is never fully exposed on the front end, the MPC Wallet can provide better protection, effectively defending against social engineering, malware, and injection attacks, thereby elevating the security of the wallet to a new level.


Ed25519 Curve and EdDSA

Ed25519 is a twisted Edwards form of Curve25519, optimized for double-base scalar multiplication, which is the key operation in EdDSA signature verification. It is more popular than other elliptic curves because it offers shorter keys and signatures and faster, more efficient signing and verification while still maintaining a high level of security. Ed25519 uses a 32-byte seed and a 32-byte public key, and the generated signature is 64 bytes.

In Ed25519, the seed is hashed using the SHA-512 algorithm, and the first 32 bytes of this hash are extracted to create a private scalar. This scalar is then multiplied by a fixed elliptic point G on the Ed25519 curve to generate the public key.

This relationship can be expressed as:

Public Key = k × G

where k is the private scalar and G is the base point of the Ed25519 curve.


New Ed25519 Support Scheme

The new method does not generate a seed and hash it to obtain the private scalar. Instead, it generates the private scalar directly, computes the corresponding public key from that scalar, and produces threshold signatures with the FROST algorithm.

The FROST algorithm lets the holders of private key shares sign a transaction independently and combine their partial signatures into the final signature. Each participant in the signing process generates random nonces and commits to them, and the commitments are shared among all participants. Once the commitments have been exchanged, the participants sign the transaction independently, and the partial signatures are combined into the final TSS signature.

This new method uses FROST to produce valid threshold signatures with less communication than traditional multi-round schemes. It supports flexible thresholds and non-interactive signing: once the commitment phase is complete, participants generate their signature shares without further interaction. On the security side, it resists forgery without limiting the concurrency of signing operations, and the protocol can abort when a participant misbehaves.


How to use the new Ed25519 support

For developers building DApps or Wallets that support chains using the Ed25519 curve, this new Ed25519 support is a significant advancement. This new feature provides new opportunities to build DApps and Wallets with MPC functionality on popular chains such as Solana, Algorand, Near, and Polkadot. To integrate this new Ed25519 support, developers can refer to the relevant documentation.

Ed25519 is now natively supported by relevant nodes, which means that the non-MPC SDK based on Shamir Secret Sharing can directly use Ed25519 private keys in all solutions (including mobile, gaming, and Web SDKs). Developers can explore how to integrate this new Ed25519 support with blockchain platforms such as Solana, Near, and Aptos.

Conclusion

In summary, this new Ed25519 support provides enhanced security for DApps and Wallets. By leveraging true MPC technology, it eliminates the need to expose private keys on the front end, significantly reducing the risk of attacks. In addition to robust security, it offers seamless, user-friendly login and more efficient account recovery options. This advancement brings new possibilities for the security of the Web3 ecosystem and lays the foundation for future development.


Comments

CryptoComedian · 4h ago
Hahaha, I feel that this is the real multi-signature mechanism~ Whether it's safe or not depends on who signs the transaction.

VitaliksTwin · 4h ago
What can be done with this unfinished thing?

HodlTheDoor · 4h ago
Damn, how much money have I lost because of these multi-signatures.

TradFiRefugee · 5h ago
New wallet security again, a bit rolled.

AllInAlice · 5h ago
The security is really top-notch.

CoconutWaterBoy · 5h ago
Is anyone really concerned about wallet security?