- access and asset management protocol

Hey, there :parrot:

:star: We are delighted to be here, connecting with talented members of the ZCash community.
The Tookey team is confident that we will find new ideas, extremely useful feedback, and much more here.

Hope you won’t be against interacting with us in the comments below or sending direct messages via Tookey socials; let’s stay in touch! :bird::arrow_heading_down:

Here is the link to grant submission.

:key:TOOKEY - asset and access management protocol that intends to transform the enterprise private key management paradigm across Web3.

The problem scope is massive:

More than $500 million was stolen from only 4 protocols in December 2021 due to a compromised secret key issue. Cross-chain bridges remain a major target for hackers, with 3 bridges breached this month (October 2022) and nearly $600 million stolen.

Current private key administration experience is absolutely off:

  • Management of access is the complex and unhandled issue of many Web3 projects.

  • Automation of execution requires disclosure of private keys inside a semi-trusted environment, driving weak security.

  • Access control on smart contracts is limited by on-chain data and brings additional complexity and execution costs

We suspect the issue is identified in three aspects:

  • First! Proper security against compromise of the private key severely restricts projects and reveals numerous business operations unfeasible.

  • Second! Standard approaches usually provide a low level of security. At their own risk, most projects distribute keys to high-ranking managers for sole control, which can lead to loss of funds or private key compromisation.

  • Third! Multisig is a terrific approach to boost security, but the complexity of gathering those signatures and the algorithms for interacting with multisig keys cause challenges and limitations that most projects and users cannot tolerate.

GnosisSafe and other multisig solutions increase complexity and execution costs while still lacking corporate asset management features.

Three criteria must be incorporated into a management solution:

-Allow third-party access to the wallet (partners, workers, and even servers), but limit the possible types of participation clearly.

-Compatible with many execution contexts and should not be restricted to a single blockchain or wallet.

-The solution must be non-custodial; the risk of losing control due to an unscrupulous service provider is too great.

Tookey identifies threats of private key compromise and fraudulent transaction pushing, letting developers integrate and deploy it quickly.

This is now possible due to the implementation of Threshold signature schemes. TSS allows several people to sign transactions using a single public key.

Pluggable Tookey’s core components are the TSS participation library and the Key Service API.

These components enable the development of third-party applications such as DeFi protocol maintenance tools, end-user wallets, CEX depositaries, escrow services, and so on.

We solved the problem by achieving all three requirements; keys may now be transferred with Tookey and are no longer hidden, but they are still safe and secured. We reframed the notion of private key access and security by making private keys divisible, sharable, and pluggable. This also assures that a single key may be used in numerous places.

Thank you for showing interest, we would love to hear what you think :thinking:

Greatest regards, Team

Hi @Tookey-io - Welcome to the forum, and thank you for submitting your grant proposal! We will review it in the upcoming weeks and reach out if we have any questions.

In the meantime, if you have any questions for us, you can post them to this thread or DM us at @ZcashGrants.


1 Like

@Tookey-io, thank you for your submission. After consideration from @ZcashGrants, and sufficient time for the community to provide feedback on the forum, the committee has decided to reject this proposal.

The Committee views this proposal as out of scope for funding at the moment, but encourages you to keep up the efforts and it would be great to have you as an active member of the Zcash community going forward both here on the forum and the below avenues as well if you are interested.

1 Like