The BSC community and Torus Labs are excited to introduce a new seamless and secure user onboarding process for the Binance Extension Wallet via Torus Key Infrastructure. Designed with a simple and straightforward user experience for mainstream users, the onboarding includes OAuth logins, key management that reduces account loss while retaining the non-custodial guarantees that the decentralized ecosystem requires. BSC users can access this feature on the latest version of the Binance Extension Wallet on Firefox, with Chrome coming soon.
Key management has become an increasingly important subject, especially with the current increase in the adoption of decentralized applications (dApps). Mismanagement of private keys often results in significant financial loss, and the importance of key management goes beyond finance.
Non-custodial private key management solutions have made significant progress in streamlining the user onboarding experience but have long been plagued by the trilemma of sacrificing security or redundancy for convenience. Many of these systems also have points of centralization that reduce censorship resistance, and we can mitigate these issues with the implementation of secret sharing schemes.
Introducing Torus Key Infrastructure (TKI)
TKI is a model of threshold key management that solves the trilemma without sacrificing user experience while retaining end-user autonomy and security. The model implements the Shamir Secret Shares (SSS) scheme using the user’s device, private input, and wallet service provider. The user’s private key is split into multiple factors, and these split factors are used to reconstruct the original encrypted secret key.
Like 2FA systems, as long as the user has access to 2 out of 3 of their factors, they will be able to retrieve their private key and gain access to the wallet.
User’s private key is split into multiple factors
- User Device Factor: Implementation is device and system-specific. For example, on mobile devices, the factor could be stored in device storage secured via biometrics.
- Social Login Factor: This factor is kept and managed by a login provider via their own authentication. With Torus, this factor is further split via a distributed key generation protocol and kept on large ecosystem stakeholders to secure your factor further, retrievable via OAuth logins. Click here to see how Torus works.
Further decentralizing the social login, this corresponding “share” is split into sub-shares.
- Recovery Factor: This is based on user input (e.g., password, security questions, hardware device, etc.).
As long as the user has any 2 of their factors, they will gain access to their wallet.
This setup provides several benefits for users.
Key Features of Torus Key Infrastructure
- Convenient/seamless usage - This architecture is compatible with Web2.0 user flows, where users can access keys via OAuth (e.g., Google, Binance, Reddit, etc.) logins.
- Improvements to key recovery - If one of the factors is lost (e.g., device loss), users can still retain access to their keys and revoke access rights for the lost factors.
- Non-custodial - The service provider cannot access the user’s private key since they only have one factor. They cannot censor users and prevent them from gaining access to their keys since they own their own recovery factor. Users can also choose to migrate to other service providers.
- Progressive security - TKI gives users flexibility in access control based on their desired level of security. Increasing the threshold of factors required for the reconstruction of the key would, in turn, increase the security of their key (e.g., configuring access to require 3 out of 4 factors).
Like native private keys, the Torus Key Infrastructure is off-chain and thus composable with different blockchains and elliptic curves. By relying on native cryptography primitives, TKI avoids additional transaction costs. TKI is also compatible with on-chain constructions like multi-sigs and smart contract wallets and can be used flexibly in conjunction with these systems for increased security.
In line with other threshold cryptography endeavours, TKI is a step towards improving key security within the community as a whole. Further work includes Threshold Signature Schemes with TKI so that the private key does not need to be reconstructed in the front-end when signing transactions.
Binance Extension Wallet Integration, Open Source SDK, and Security Audits
Merging the best practices from proven key management models, TKI is the next step to lay the foundation needed for mainstream adoption of decentralized ecosystems.
For a start, users will be able to log in and set up their TKI enabled wallet on the Binance Firefox Extension Wallet here.
Developers can also integrate TKI via an open-source SDK https://docs.tor.us/, which they can leverage to harness the benefits of threshold key management. Audits for the TKI SDK have previously been conducted by Kudulski and are openly viewable here https://github.com/torusresearch/audit/blob/master/Torus_Audit_tKey.pdf.
You can find the full specification of TKI here.
Torus is the most secure passwordless authentication and private key management platform. Torus combines the simplicity of passwordless authentication with the security guarantees of non-custodial Public Key Infrastructure (PKI) to deliver a robust lineup of authentication and key management tools through a simple SDK.
Torus is powered by the Torus Key Infrastructure; an open-source, globally distributed network of nodes that is maintained by some of the largest stakeholders in the crypto ecosystem and users themselves. The Torus Key Infrastructure leverages state-of-the-art distributed key generation (DKG) technology to ensure data stays private and secure, and completely non-custodial, end to end. Simplify auth, without sacrificing security. Get started at https://docs.tor.us/.