Skip to main content
Regular verification of key shares in MPC Wallets is crucial to maintaining their integrity and security. This process helps detect issues like corruption, unauthorized modifications, or loss of key shares. This article introduces the methods you can use to verify key shares on your server co-signer and key shares you have exported and stored as backup files.
To use this feature, ensure your TSS Node is running version 0.10.0 or higher.

โ€‹
How it works

The verification process involves:
  1. Using the key share to sign some data
  2. Verifying the signature using the original data and the key shareโ€™s public key

โ€‹
Verify active key shares

This section explains how to verify your active key shares - the ones currently in use in your TSS Node.
For TSS Nodes kept offline, an alternative verification method is required. We are currently developing this feature and will provide detailed instructions in the near future.
  1. Follow the instructions in Verify key shares to trigger recurring or one-time key share verification in Cobo Portal.
  2. Cobo Portal will verify the signed message and displays the result. If you want to verify by yourself, you can use either online tools or your local environment.
    Currently, key share verification through the Cobo Portal is only supported for Organization-Controlled Wallets.
    • Using online tools
      1. Go to Google Colab
      2. Paste the verification code below
        • You can retrieve the original and signed message by clicking View key share verification details next to the key share you want to check.View key share verification details
        • You can run the info group command to get the share public key.
      import ed25519
from hashlib import sha256

message = bytes.fromhex("<ORIGINAL_MESSAGE>")
public = "<SHARE_PUBLIC_KEY>"
signature = '<SIGNATURE>'

VerifyKey = ed25519.VerifyingKey(bytes.fromhex(public))
print("VerifyKey: ", VerifyKey.to_bytes().hex())

hashmsg = sha256(message)
print("Hash message: ", hashmsg.hexdigest())

try:
    VerifyKey.verify(signature, hashmsg.digest(), encoding='hex')
    print("ed25519 verify pass!")
except:
    print("ed25519 verify failed!")
      1. Run the code to verify signatures
    • Local verification
      1. Set up your environment:
      pip3 install ecdsa
pip3 install ed25519
      1. Create a checker.py file with the verification code above.
      2. Run the code to verify signatures

โ€‹
Note

Key share verification is enabled by default in a TSS Node. If you want to disable key share verification by using the embedded risk control module, you can modify the configs/cobo-tss-node-config.yaml file as follows: 
embedded_risk_control_rules:
  enable: true
  key_share_sign:
    reject_all: true
By default, the TSS Node callback does not include risk control for key share verification. If you want to implement risk control for key share verification in the TSS Node callback, please reach out to our support team at help@cobo.com for assistance.

โ€‹
Verify backup key shares

This feature is under development. Stay tuned for updates.
Feel free to share your feedback to improve our documentation!