Introducing Ed25519 in Web3Auth’s MPC: Secure Signing for DApps and Wallets

Learn about Web3Auth's Ed25519 support in the MPC Core Kit SDK and how it helps developers achieve secure signing and recoverability.


In recent years, Ed25519 has become a buzzword in the Web3 ecosystem thanks to popular chains like Solana, Near, Aptos, and others. While these chains are widely used for their efficiency and cryptographic strength, true MPC solutions for them are still not fully available. This means that, despite advances in cryptography, Ed25519 wallets often lack the multi-party security that could eliminate the risks of a single private key. Without MPC, they share the same core weaknesses as traditional wallets, leaving room for improvement in securing digital assets.

Current state of Ed25519 Wallets

Before moving forward, it is important to understand the weaknesses of current Ed25519 wallet systems. Normally, a wallet derives the private key from a seed phrase and then uses that key to sign transactions. Traditional wallets have become increasingly vulnerable to risks such as social engineering, fake websites, and malware. Since the private key is the only way to access the wallet, it is very hard to recover or secure the wallet if that key is compromised or lost.

This is where MPC technology revolutionizes security. Unlike traditional wallets, MPC wallets do not store the private key in a single location. Instead, the key is split into multiple shares and distributed across different locations. When a transaction needs to be signed, these key shares generate partial signatures, which are then combined using a Threshold Signature Scheme (TSS) to produce the final signature. 

Since the private key is never fully exposed on the frontend, MPC wallets offer superior protection against social engineering, malware, and injection attacks, elevating wallet security to a whole new level. 

Ed25519 curve & EdDSA

Ed25519 is the twisted Edwards form of Curve25519, optimized for double-base scalar multiplication, a key operation in EdDSA signature verification. It is preferred over other elliptic curves for its shorter keys and signatures and its faster signature generation and verification, while still maintaining a high level of security. Ed25519 uses a 32-byte seed and a 32-byte public key, and produces 64-byte signatures.

In Ed25519, the seed is hashed with SHA-512, and the first 32 bytes of the hash form the private scalar. This scalar is then multiplied by a fixed point G on the Ed25519 curve, which yields the public key. The relationship can be written as

PubKey = G x k

Here k represents the private scalar, and G is the base point of the Ed25519 curve.

How Web3Auth added support for Ed25519 

Web3Auth follows the same structure, with one difference: instead of generating a seed and hashing it to obtain the private scalar, the Web3Auth network generates the private scalar directly. This scalar is then used to compute the corresponding public key, and the threshold signature is generated with the FROST algorithm.
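As an added, constructed example (not Web3Auth's or any library's code), the following pure-Python Ed25519 key derivation shows both paths described above: the standard route of seed, SHA-512, clamped scalar, then k times G, and the scalar-first route where k is supplied directly, as the Web3Auth network does. The curve arithmetic is written in plain affine coordinates so it can be audited, not for speed; function names are my own.

```python
import hashlib
# Ed25519 domain parameters (RFC 8032, section 5.1). Constructed example, not Web3Auth code.
p = 2**255 - 19                                        # field prime
q = 2**252 + 27742317777372353535851937790883648493    # order of the base point G
d = (-121665 * pow(121666, p - 2, p)) % p              # twisted Edwards curve constant

def _inv(x):
    return pow(x % p, p - 2, p)

def _add(P, Q):
    # Affine twisted-Edwards point addition: slow, but easy to audit.
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * _inv(1 + t) % p,
            (y1 * y2 + x1 * x2) * _inv(1 - t) % p)

def _mul(k, P):
    R = (0, 1)                                         # neutral element
    while k:                                           # double-and-add
        if k & 1:
            R = _add(R, P)
        P = _add(P, P)
        k >>= 1
    return R

def _recover_x(y, sign):
    # Solve x^2 = (y^2 - 1) / (d*y^2 + 1) and pick the root with the requested parity.
    x2 = (y * y - 1) * _inv(d * y * y + 1) % p
    x = pow(x2, (p + 3) // 8, p)
    if (x * x - x2) % p:
        x = x * pow(2, (p - 1) // 4, p) % p
    return p - x if (x & 1) != sign else x

G_Y = 4 * _inv(5) % p
G = (_recover_x(G_Y, 0), G_Y)                          # base point: y = 4/5, even x

def _encode(P):
    return (P[1] | ((P[0] & 1) << 255)).to_bytes(32, "little")  # y plus parity of x

def scalar_from_seed(seed: bytes) -> int:
    # Standard Ed25519: SHA-512 the 32-byte seed, keep the first 32 bytes, clamp them.
    a = int.from_bytes(hashlib.sha512(seed).digest()[:32], "little")
    return (a & ((1 << 254) - 8)) | (1 << 254)         # clear bits 0-2 and 255, set bit 254

def pubkey_from_scalar(k: int) -> bytes:
    # PubKey = G x k. Scalar-first path: k is supplied directly, no seed is ever created.
    return _encode(_mul(k, G))

def pubkey_from_seed(seed: bytes) -> bytes:
    return pubkey_from_scalar(scalar_from_seed(seed))
```

A scalar produced on the scalar-first path is not a seed: feeding its bytes into the seed path derives a different public key, so a scalar held this way cannot simply be exported into a seed-based wallet as if it were a seed.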

The FROST algorithm lets the holders of private key shares sign a transaction independently and produce a final signature from their partial signatures. Each participant in the signing process generates a random nonce and commits to it, and these commitments are shared among all participants. Once the commitments have been exchanged, each participant signs the transaction independently, and the partial signatures are combined into the final TSS signature.

Web3Auth uses FROST because it produces valid threshold signatures efficiently, with far less communication than traditional multi-round schemes. It also supports flexible thresholds and allows non-interactive signing: once the commitment phase is complete, participants generate their signature shares without any further interaction. On the security side, it resists forgery without limiting how many signing operations may run concurrently, and it aborts the protocol if a participant misbehaves.

How to utilize Ed25519 curve in Web3Auth

The introduction of Ed25519 support in Web3Auth’s MPC Core Kit is a significant step forward for developers building dApps and wallets for chains that use the Ed25519 curve. It unlocks new opportunities for building dApps and wallets with MPC features on popular chains such as Solana, Algorand, Near, Polkadot, and more. To integrate MPC Core Kit for the Ed25519 curve, check out our documentation on MPC EdDSA signing.

Ed25519 is now also natively supported by the Web3Auth nodes, which means that Web3Auth's non-MPC SDKs, based on Shamir Secret Sharing, can use an Ed25519 private key directly across all Web3Auth solutions, including the Mobile, Gaming, and Web SDKs. Explore how to integrate Web3Auth with blockchain platforms like Solana, Near, and Aptos.

Conclusion

Web3Auth's MPC Core Kit, with support for EdDSA signatures, provides enhanced security for dApps and wallets. By leveraging true MPC, it removes the need to expose private keys on the frontend, significantly reducing the risk of attacks. Alongside strong security, it also offers seamless, user-friendly logins and more efficient account recovery options.