Protocol key concepts
TL;DR
- The protocol relies on three key network services
- There are three key custody documents governing the majority of actions in scope for the protocol
- There are three types of key on-chain operations facilitating the movement of funds
Key network services
The protocol relies on three key network services:
MPC Nodes: Multi-Party Computation (MPC) nodes are distributed across the Qredo network, working together to manage the generation, storage, and usage of keys.
Qredo’s dMPC implementation and its relationship with Qredochain enables the removal of single point of failure commonly associated with traditional private key storage without relying on users running critical software. MPC nodes operate within Trusted Execution Environments (TEEs) and are directly governed by QredoChain, ensuring a high level of security.
Validators: Validators are responsible for verifying and validating transactions within the Qredo network. They participate in the consensus process, using the Tendermint consensus algorithm to reach agreement on the state of the blockchain. Validators help maintain the integrity of the network by ensuring that only valid and authorized transactions are added to the blockchain.
Watchers: Wtchers act as oracles in the network, they synchronize the state of Layer 1 chains with Qredo’s Blockchain, identifying and validating deposits into Qredo vaults and checking the outcome of withdrawal broadcasts.
Key on-chain documents
There are three key custody documents governing the majority of actions in scope for the protocol:
Wallet Document: A Wallet Document is an object that governs keys and assets in the custody protocol. It establishes an on-chain binding between a key generated in the MPC network and a user, identified via a BLS public key, and binds it with a set of rules that govern access to that key (Policy).
There are two types of Wallet Documents: Web3 Wallet Documents (custody of a key) and Vault Wallet Documents (custody over an asset)
Policy: A Policy is a set of rules governing the access and usage of keys and assets within the protocol. It allows users to define custom rules for managing their assets and keys, enabling various degrees of recovery mechanisms and custodial relationships.
Policies can be applied to Wallet Documents, and they determine the conditions under which transactions can be approved. They are often an expression including several identity documents that validators can evaluate for compliance to generate a secure event.
Identity Document: An Identity Document is a cryptographic record of a user's identity within the protocol, typically represented by a BLS public key. Identity Documents allow users to securely interact with the protocol while maintaining their privacy and ensuring that only authorized parties can access their keys and assets.
Key on-chain operations
There are three distinct types of operations that involve Wallet documents and facilitate the movement of funds.
All updated operations performed on a Wallet must be authorized by sufficient BLS signatures to fulfill the policy that was provided in a previous version of the wallet.
Layer 1 — Deposits: Upon creation, a wallet is always associated with a Layer 1 currency (e.g. BTC, USDC, ETH), and it is assigned an appropriate MPC-generated Layer 1 address. The watcher is instructed to monitor this Layer 1 address for deposits, and when a deposit is detected, an ‘Underlying’ transaction is sent to the chain which credits the user’s Qredo Layer 2 wallet with the deposited funds.
Layer 1 — Withdrawals: When the user requests a withdrawal (settlement) from a wallet and their request fulfills the withdrawal policy, the validator, which has a full mapping between the Layer 1 and Layer 2 assets (Qredo calls this crystallization), creates an unsigned transaction to match the user’s request. The watcher routes that unsigned transaction to the MPCs, which ensures the transaction exists in the chain, signs it, and returns it to the watcher for broadcast. A receipt is created, which is returned to the user via the chain.
Layer 1 - External Wallet Request (EWR): A type of wallet update containing raw data supplied by the wallet owners for signing by MPC. This 'sign-only' feature allows users to directly control their layer-1 address and sign transaction or other payload data directly. The Qredo blockchain enforces the policy rules on requests and keeps an immutable record of a wallet's request history along with the signatures generated by MPC. This feature is currently used by Wallet extensions (such as MetaMask Institutional (MMI) and WalletConnect) or Web3 API to facilitate transaction signing.
Layer 2 — Transfers: Transfers between Layer 2 wallets including atomic swaps are all performed by validators without reference to the MPCs or watcher. The authorization for this transfer requires the fulfillment of the previously defined transfer policy. A user creates an updated version of their wallet which includes a ‘transfer’ to send its funds to another Layer 2 Wallet.