Professional Documents
Culture Documents
the request with a set of public keys the call- to request that a keep’s content be published
ing contract can use to communicate privately (read permission, Pread ), or to delegate further
with the keep. access to other contracts (admin permission,
Once the keep has been created, it can Padmin ). Owners (Contractowner ) can also re-
be populated in a number of ways. dApps voke their own access.
can publish secret data to the blockchain, en- Access management enables multi-party se-
crypted by the keep’s public keys, or send cret escrow and auditability of secret access.
the data to the keep off-chain. Alternatively,
2.1.4 Destruction
a keep can self-populate with pseudorandom
data. Depending on the use case, keeps can be long-
or short-lived. Contracts can request that a
2.1.2 Publishing data on-chain keep shut down, and should also handle keeps
The purpose of a keep is to compute a function that are terminated unexpectedly, scenarios
over its secret and publish the results to the which are covered in more detail later in sec-
blockchain. tion 5.2.
Initially, keeps will support publishing their
3 Eliminating third-party risk
secrets on-chain, unmodified or encrypted
with a public key provided by Contractowner . We’ve described a simple black box for off-
This enables functionality that’s difficult in chain data storage. The standardization of
today’s public smart contracts, like a secret- this method of secret management will enable
exposing dead man switch, useful in a variety secrets to be bought, sold, and transferred on a
of decentralized market schemes. public blockchain, but doesn’t inherently solve
Keeps can be extended to use their secret in third-party risks.
a variety of other ways, including as key ma- Next, we’ll describe techniques to eliminate
terial for symmetric encryption and signing. third-party risk.
new signing group is chosen by the previous it- 7 The result registry
eration’s random value. As all groups sign the
Keeps will offer a number of methods to pub-
previous iteration’s value, if a signature that’s
lish to the public blockchain. In the case where
chosen is invalid, the signature from the next
keeps publish to a smart contract provided by
group in line can be chosen instead.
the keep owner, coordination is simple. In uses
Importantly, the threshold signature scheme that don’t have a natural contract to commu-
needs to be deterministic to prevent individual nicate with, a result registry will be provided
shareholders from biasing the signature out- as a default to simplify keep and owner coor-
come in their favor. BLS signatures [27] have dination.
been used in related work.
8 Applications
8.1 Dead man switch
6.2.3 Keep selection group
A dead man switch is a device that is auto-
Our threshold relay system will be composed matically activated in case its owner becomes
of keep providers seeking to be chosen to back incapacitated. Keeps enable a particular kind
a new keep, capturing the fees from that keep. of dead man switch- publishing a secret, under
certain contract conditions.
Each block will include a random signa-
Examples of dead man switch applica-
ture, published by the nominated keep selec-
tions with keeps include automated inheri-
tion group. Any keeps that require new nodes
tance (“send my beneficiary my private key if
will have their providers chosen randomly, us-
I don’t check in quarterly”), arbitration with
ing the beacon value from the last block.
time limits (“if no decision is made in 10
In this way, we can ensure fair chances to blocks, publish a shared secret”), as well as
all staked keep providers, keeping the cost of protection for leakers (“publish a key to these
a Sybil attack high. insurance files if I don’t check in”).