Add threshold signatures for multisig accounts

Open mokn opened this issue 4 years ago • 2 comments

Is your feature request related to a problem? Please describe.

The current implementation of a multisig account in Pocket Core enforces 100% of all signers' keys to execute a transaction.

Due to the fact that 100% of signers in a multisig account must participate in a transaction, the funds in the wPOKT bridge will be at significant risk. If any one of the signers loses their private key, dies, gets coerced or bribed, it will result in loss or freezing of funds for all bridge participants.

Describe the solution you'd like

Implement threshold signatures to allow for a safer and more secure bridge. For example, the ideal implementation for the wPOKT bridge would be 3 of 5 signatures in a multisig to allow for more security and flexibility in case anything goes wrong.

Describe alternatives you've considered

The wPOKT bridge is an early experiment, and is a 1:1 backed wrapped version of POKT. If we move forward with a 3 of 3 multisig, we can limit the amount of wPOKT created by the bridge to mitigate the risk of lost POKT. By doing so, we may be able to replace any loss of funds by the DAO treasury.

Additional context

Even with threshold signatures, the current design of the bridge is still too centralized and relies on a high degree of trust. If successful and very liquid, it will be important to design this bridge in such a way that it is fully trustless. A couple of ideas come to mind:

  1. Rotating existing staked nodes (and/or applications?) through Sessions to participate in the bridge, where if they do not sign multisig transactions it results in slashing of POKT.
  2. Implement off-chain swaps. Users would send the indicated cryptocurrency to a pseudorandom set of nodes that have enough POKT collateral staked to ensure economic security for each atomic transaction. If the node does not send the cryptocurrency to the indicated address, the POKT equivalent to the value of what was stolen would be returned to the original sender. This likely will require an oracle solution and liquid POKT markets to execute.
  3. Upgrade Pocket Core to be compatible with IBC, allowing for cross-chain swaps in the Cosmos ecosystem.

These are just some ideas to get the conversation going. Pocket Network is in a unique position to solve some of these hard problems in crypto due to its staked, cross-chain architecture.

mokn, Feb 05 '21 17:02
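As an added example (not Pocket Core's code and not the issue author's), a minimal Go model of the k-of-n semantics the request asks for, using a plain per-signer set of ed25519 signatures rather than a true aggregated threshold signature scheme. The names MultisigAccount, Authorize and LostKeyScenario are hypothetical; the scenario shows the lost-key case from the issue passing under 3-of-5 and failing under the current 100% rule.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// MultisigAccount is a hypothetical k-of-n account (not Pocket Core's own type).
type MultisigAccount struct {
	Threshold int // minimum number of distinct signers that must sign
	PubKeys   []ed25519.PublicKey
}

// Authorize takes one signature slot per signer (nil = that signer did not sign: key
// lost, unavailable, refused). Counting per slot stops one key from being tallied
// twice, and any present-but-invalid signature rejects the whole transaction.
func (m MultisigAccount) Authorize(tx []byte, sigs [][]byte) error {
	valid := 0
	for i, pub := range m.PubKeys {
		if i >= len(sigs) || sigs[i] == nil {
			continue
		}
		if !ed25519.Verify(pub, tx, sigs[i]) {
			return fmt.Errorf("slot %d: invalid signature", i)
		}
		valid++
	}
	if valid < m.Threshold {
		return fmt.Errorf("%d valid signatures, threshold is %d", valid, m.Threshold)
	}
	return nil
}

// LostKeyScenario models the issue's risk: five bridge signers, signer 0 has lost
// their key, signers 1-3 sign a constructed transfer. It reports the outcome under
// the current 100% rule (5 of 5) and under the proposed 3-of-5 threshold.
func LostKeyScenario() (fullSet, threshold error) {
	privs, pubs := make([]ed25519.PrivateKey, 5), make([]ed25519.PublicKey, 5)
	for i := range privs {
		pubs[i], privs[i], _ = ed25519.GenerateKey(rand.Reader) // constructed demo keys
	}
	tx := []byte("constructed tx: release 100 wPOKT to recipient")
	sigs := make([][]byte, 5)
	for i := 1; i <= 3; i++ {
		sigs[i] = ed25519.Sign(privs[i], tx)
	}
	fullSet = MultisigAccount{Threshold: 5, PubKeys: pubs}.Authorize(tx, sigs)
	threshold = MultisigAccount{Threshold: 3, PubKeys: pubs}.Authorize(tx, sigs)
	return fullSet, threshold
}
```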

I now understand why you desire this feature... However, it's a big one and it's consensus breaking. We need a brand new keytype, account type, and verification scheme at a few levels of the protocol. I think what will be important here is evidence of ecosystem buy-in to push this forward.

andrewnguyen22, Feb 08 '21 18:02

Thanks @andrewnguyen22. Updated the post to reflect the Cosmos IBC as another option as well.

mokn, Feb 09 '21 13:02