Distributed Key Generation (DKG)

Iron Fish supports two methods for creating multisig accounts: Trusted Dealer Key Generation and Distributed Key Generation (DKG). The Iron Fish DKG protocol is a three round process that allows a group of users to create a shared account. In DKG each participant can generate a share of the spend authorization key without that key share ever leaving their device.

Create a participant identity 

Each signer or participant in an Iron Fish multisig account must first generate an identity.

ironfish wallet:multisig:participant:create --name MyMultisig

The participant identity uniquely identifies the participant in the group. The identity is also a public key and allows other members of the group to encrypt data for that participant. The participant's secret key is stored in their Iron Fish wallet.

Round 1 

Once all participants have created and shared their identities each participant must perform round 1 of the DKG protocol. During round 1 each participant must specify the full list of participant identities in the group and the minimum number of signers required to authorize a transaction.

Each participant must also specify the name of the participant identity that they will use during DKG. This should be the name that they used when creating an identity in the first step.

ironfish wallet:multisig:dkg:round1

Example:

> ironfish wallet:multisig:dkg:round1 \ --participantName MyMultisig \ -i 722f8ce1ff2e73f83604eab390826c2ca63ae37fdf5e9b5d1b8e99bc5351892e23ce2f6e90ca158d8a3929358225936ed749bca009fb5b94c9ed0b44f9b7202b11239a85ab24eee287b1158a51b533c2db2e5e90e9c43480be536bb3fdc7f8f9c5b485c54cbd636b057c5009515b409b5fd7e460b0b04efa3650a6e8298ae91406 \ -i 72b77943a1af7d0b6dcf0f281d7eb57dcc0540930da6f3c330c1dcf71789dfea2113149ef55e69fc6cb6855435821fe83031c253e26b2499f6d6989984230c962db98971be7aae233c302a3a44cfd17d957e9666f58e31c073b76ee2f4b72cb72f92fce80df70956c591d72013cf3a578587a6e403361138cf7e5960fab304f501 \ -m 2 \

Round 1 Encrypted Secret Package: 96934f206374d5e61a0517f5c9d21cb77776b4d9e49446c6490d098481b52c4c01000000f7e8a7fbd4c792102993ba73a17fe4c329fd208aafa0d22d4ece3b061247297cbc000000a37ba23225a4f719af8c8797603dfb3985bd845e43f8d14906737d28063be9c15b9a1084e3cb35cfa5e18525ab6ad1b4a9dcb07e98e365bf55c065d464892fde8a095db775e0a0d341fcdae767752564d0c87d9a34621cb5e2d7cb2f198b576a89a529a0682915297d6766cf7af29145e61af4bbffd871671936edd20f08436a2c75dcd28e1bcd691b0fbb40945445ebb9135ede46c5b4f480957681b802837f4d6ab17c1ce823ff81ad11986303cf5db2c4939e15b2ba6cca8020b2 Round 1 Public Package: 722f8ce1ff2e73f83604eab390826c2ca63ae37fdf5e9b5d1b8e99bc5351892e23ce2f6e90ca158d8a3929358225936ed749bca009fb5b94c9ed0b44f9b7202b11239a85ab24eee287b1158a51b533c2db2e5e90e9c43480be536bb3fdc7f8f9c5b485c54cbd636b057c5009515b409b5fd7e460b0b04efa3650a6e8298ae914068700000000c3d2051e021988d7101e92a49d8fd613ec59fbf13fcf969379664b914d78e998b35b60b9c322c7c02919678e3363d2e9e72df8a9b38318b95de95c354efff6926728e7979a40dff243a3e454c54625626ef9049a878b0e86c361888bb1e656c0b489a1eaddab2c69f0142a54510ba882835d27c20cd534f55340c27d5dca36449f04d987a404e6916ecb4e5ad3891de0a543e5a6bb135ec6512b91f0b561ec17110cc117657002000000141ce04290bdd911f95426dffbb260000071c7cad735f89ac915fe0dc5a2992d49ef4e8bf52c474f7f2126803c0304c569043c51d380973709738eac865378223000000077d8ea9b69b06d511b8cd0b0c55ab2935d6d6b35f7d718c230d16d2c7ae7f889f5b72f63f7e0bbe164629bd25d6ce03d2561b06cd1fa9c0f

The command above outputs an Encrypted Secret Package, which can only be decrypted using the secret corresponding to the participant name that the participant specified, and a Public Package.

Each participant must share the Public Package with each of the other participants in the group.

Round 2 

After all participants have run round1 and shared their Public Packages with all participants in the group each participant can perform round 2 of the DKG protocol.

In round 2 each participant inputs their participant name, their own Encrypted Secret Package from round 1, and all Public Packages from round 1 (including their own).

ironfish wallet:multisig:dkg:round2

Example:

> ironfish wallet:multisig:dkg:round2 \ --participantName MyMultisig \ -e 96934f206374d5e61a0517f5c9d21cb77776b4d9e49446c6490d098481b52c4c01000000f7e8a7fbd4c792102993ba73a17fe4c329fd208aafa0d22d4ece3b061247297cbc000000a37ba23225a4f719af8c8797603dfb3985bd845e43f8d14906737d28063be9c15b9a1084e3cb35cfa5e18525ab6ad1b4a9dcb07e98e365bf55c065d464892fde8a095db775e0a0d341fcdae767752564d0c87d9a34621cb5e2d7cb2f198b576a89a529a0682915297d6766cf7af29145e61af4bbffd871671936edd20f08436a2c75dcd28e1bcd691b0fbb40945445ebb9135ede46c5b4f480957681b802837f4d6ab17c1ce823ff81ad11986303cf5db2c4939e15b2ba6cca8020b2 \ -p 722f8ce1ff2e73f83604eab390826c2ca63ae37fdf5e9b5d1b8e99bc5351892e23ce2f6e90ca158d8a3929358225936ed749bca009fb5b94c9ed0b44f9b7202b11239a85ab24eee287b1158a51b533c2db2e5e90e9c43480be536bb3fdc7f8f9c5b485c54cbd636b057c5009515b409b5fd7e460b0b04efa3650a6e8298ae914068700000000c3d2051e021988d7101e92a49d8fd613ec59fbf13fcf969379664b914d78e998b35b60b9c322c7c02919678e3363d2e9e72df8a9b38318b95de95c354efff6926728e7979a40dff243a3e454c54625626ef9049a878b0e86c361888bb1e656c0b489a1eaddab2c69f0142a54510ba882835d27c20cd534f55340c27d5dca36449f04d987a404e6916ecb4e5ad3891de0a543e5a6bb135ec6512b91f0b561ec17110cc117657002000000141ce04290bdd911f95426dffbb260000071c7cad735f89ac915fe0dc5a2992d49ef4e8bf52c474f7f2126803c0304c569043c51d380973709738eac865378223000000077d8ea9b69b06d511b8cd0b0c55ab2935d6d6b35f7d718c230d16d2c7ae7f889f5b72f63f7e0bbe164629bd25d6ce03d2561b06cd1fa9c0f \ -p 72b77943a1af7d0b6dcf0f281d7eb57dcc0540930da6f3c330c1dcf71789dfea2113149ef55e69fc6cb6855435821fe83031c253e26b2499f6d6989984230c962db98971be7aae233c302a3a44cfd17d957e9666f58e31c073b76ee2f4b72cb72f92fce80df70956c591d72013cf3a578587a6e403361138cf7e5960fab304f5018700000000c3d2051e02eb346711bcc12dc6377d706c21b3cd21bb3ef30f451c22a75e49b86a779a79672741dd0fc7d8994353a42b2e4132f3cffd4eef64280f08a7d25df39c31ea1cb4405b72979d862fe51226cdc4c03659f8d79c3ef3a9aa6069f200cf7e4cb9157c3bd7ff098c775a5bd99ef8438941be2670955734b50fdf02268e2ef83b9cc6e30319ec4f40d77615aab9df530a499d44a5b6cdc372b9eb953d95ec31634d4dc06602000000c624216a75cbe8d3235220205f0f09d8d84acc66989bc27a64b6c512b2846d42e5fd9f14ac44b3690d4108a00a6a3dc2735ef12aad9f64847e3a7ca7ec78e1fe300000004623d75c58facc2c948a8ce5779b96acdcf0f9ceeba6ecb2547f4b5abb522a948480c26697a6be3067d1511aaef5f2b42561b06cd1fa9c0f

Round 2 Encrypted Secret Package: 4df52aa2cf60c93050581f93d2cfb2ee8ee41407fe9fa2b92d72145473da1f86cbeb55b8af1610b46a01000000d67a0f27972dbbcb89381f8a3edfdf6e08c91f64d899d9d211f32513050687d6980000000c5c7ae8ae69e3f49a28507417b4fe11c61fbf6b8e4a922a4117a78e110575384d25129d76c38cf078415fc9ba3bdb8195e96486a6a13d4becfe9c48828d8ab059571df0946860bdf87cd0fb7006b8de9fced1c672e1e1a87d7f2b0b294f8daba69e86f47d497fc647315cc1b7a9eba7e12e5742b2d7c6aa8866f1154bc06e576d2f166d5387196ffe1f9415e30e7994da32bd078ef772588e3786e97e5983597d3a0160992fc61811a52b9a22a531010000006a913b54997328051368078ae7bf6bd6ab87986d1a4feaf78f70461f1d22ca9498000000edc4b8169e588a47d1314be731f0586dc4d12885e6bc86668ef722d80b3b2c2d7c2440dc1edffa9f67f5f7b9833600a183ce2db8f5ff9ebd8ba8b6a76a9b6b1ddfba701f880bd0d54e7c158b33f18512e979b5063b3b5a549fdca64b9a5222cccd9a5ce4f1277fac0b2d0d90a4d6f9d3cb7494566ce01eb44d482e871256a4cc8fde405d2596c03e1ffb8656e467fdb7d9c05ffb29c5327c Round 2 Public Package: 72b0b957ffebbb1859ab5e51619325a6dc84e0dfa2544c6148b8dad7a76334db493c3dafe9fa6da42b0738c964d1b4dd8268a17dcbe44f8fc18432670ef5a4382e104f28490eea3349d1695b955f7aec2a17f9745fa114b2a1c8843e92d6c4437110c14c9046ed3ad9f65f30b82fb3251a742fcce0c71ad7e3a1dc31f981511d0202000000722423872a49e47fa9b04da244eff253ce7f1e11d33b92e4ae4d8b1ead295f7400e228e83ca218e838c9d198a231047dd265715ac947364160b96f8964e5969654d1b9ab748306f9d3722074384ed326f4b1058d289a6e4231ee5117c13dc04fbb6fa0e0967902d3b0fedafd22d87ac4555b3f384eb421d1708a96f676228900002500000000c3d2051e6b40d50d87ecaa5ac670618de4faac09f3502e3d7b14765f4dca7cab09621e0d41f87b54a2f025fc72fe9f80873fa1672f4b3865784505c8bba0df2393d47f9e9358af494782103bd1823bcceb606519b8e11abffc0ae4fa52b56c0a048c4972ed030b7c22f8394e158a23f8f5efab561f8d6b78ee19c2b87c09543e9877ed7055425d242e3c7ffe4bfbb179e07ae89263d8e1fb7ea22d22a4b5c41b645a6ae9620c77f959228b1f0d2500000000c3d2051e20b34c355953f4c3fc9d755066138bb9cc14dffe6f4ef9d30991a0cdc563e20141f87b54a2f025fc

The round2 command outputs an Encrypted Secret Package, which can only be decrypted using the secret corresponding to the participant name that the participant specified, and a Public Package.

Each participant must share the Public Package with each of the other participants in the group.

Round 3 

Once all participants have run round2 and shared the Public Packages that they generated with the corresponding participants, all participants can run round 3 of the DKG protocol. Round 3 is the final round of the protocol, and after running it each participant will have a new account in their wallet for the multisig group.

Round 3 requires that each participant input their participant name, the Encrypted Secret Package that they generated in round 2, all Public Packages from round 1 (including their own), and all Public Packages that they received from round 2.

ironfish wallet:multisig:dkg:round3

Example:

> ironfish wallet:multisig:dkg:round3 \ --participantName MyMultisig \ -e 4df52aa2cf60c93050581f93d2cfb2ee8ee41407fe9fa2b92d72145473da1f86cbeb55b8af1610b46a01000000d67a0f27972dbbcb89381f8a3edfdf6e08c91f64d899d9d211f32513050687d6980000000c5c7ae8ae69e3f49a28507417b4fe11c61fbf6b8e4a922a4117a78e110575384d25129d76c38cf078415fc9ba3bdb8195e96486a6a13d4becfe9c48828d8ab059571df0946860bdf87cd0fb7006b8de9fced1c672e1e1a87d7f2b0b294f8daba69e86f47d497fc647315cc1b7a9eba7e12e5742b2d7c6aa8866f1154bc06e576d2f166d5387196ffe1f9415e30e7994da32bd078ef772588e3786e97e5983597d3a0160992fc61811a52b9a22a531010000006a913b54997328051368078ae7bf6bd6ab87986d1a4feaf78f70461f1d22ca9498000000edc4b8169e588a47d1314be731f0586dc4d12885e6bc86668ef722d80b3b2c2d7c2440dc1edffa9f67f5f7b9833600a183ce2db8f5ff9ebd8ba8b6a76a9b6b1ddfba701f880bd0d54e7c158b33f18512e979b5063b3b5a549fdca64b9a5222cccd9a5ce4f1277fac0b2d0d90a4d6f9d3cb7494566ce01eb44d482e871256a4cc8fde405d2596c03e1ffb8656e467fdb7d9c05ffb29c5327c \ -p 722f8ce1ff2e73f83604eab390826c2ca63ae37fdf5e9b5d1b8e99bc5351892e23ce2f6e90ca158d8a3929358225936ed749bca009fb5b94c9ed0b44f9b7202b11239a85ab24eee287b1158a51b533c2db2e5e90e9c43480be536bb3fdc7f8f9c5b485c54cbd636b057c5009515b409b5fd7e460b0b04efa3650a6e8298ae914068700000000c3d2051e021988d7101e92a49d8fd613ec59fbf13fcf969379664b914d78e998b35b60b9c322c7c02919678e3363d2e9e72df8a9b38318b95de95c354efff6926728e7979a40dff243a3e454c54625626ef9049a878b0e86c361888bb1e656c0b489a1eaddab2c69f0142a54510ba882835d27c20cd534f55340c27d5dca36449f04d987a404e6916ecb4e5ad3891de0a543e5a6bb135ec6512b91f0b561ec17110cc117657002000000141ce04290bdd911f95426dffbb260000071c7cad735f89ac915fe0dc5a2992d49ef4e8bf52c474f7f2126803c0304c569043c51d380973709738eac865378223000000077d8ea9b69b06d511b8cd0b0c55ab2935d6d6b35f7d718c230d16d2c7ae7f889f5b72f63f7e0bbe164629bd25d6ce03d2561b06cd1fa9c0f \ -p 72b77943a1af7d0b6dcf0f281d7eb57dcc0540930da6f3c330c1dcf71789dfea2113149ef55e69fc6cb6855435821fe83031c253e26b2499f6d6989984230c962db98971be7aae233c302a3a44cfd17d957e9666f58e31c073b76ee2f4b72cb72f92fce80df70956c591d72013cf3a578587a6e403361138cf7e5960fab304f5018700000000c3d2051e02eb346711bcc12dc6377d706c21b3cd21bb3ef30f451c22a75e49b86a779a79672741dd0fc7d8994353a42b2e4132f3cffd4eef64280f08a7d25df39c31ea1cb4405b72979d862fe51226cdc4c03659f8d79c3ef3a9aa6069f200cf7e4cb9157c3bd7ff098c775a5bd99ef8438941be2670955734b50fdf02268e2ef83b9cc6e30319ec4f40d77615aab9df530a499d44a5b6cdc372b9eb953d95ec31634d4dc06602000000c624216a75cbe8d3235220205f0f09d8d84acc66989bc27a64b6c512b2846d42e5fd9f14ac44b3690d4108a00a6a3dc2735ef12aad9f64847e3a7ca7ec78e1fe300000004623d75c58facc2c948a8ce5779b96acdcf0f9ceeba6ecb2547f4b5abb522a948480c26697a6be3067d1511aaef5f2b42561b06cd1fa9c0f \ -q 722423872a49e47fa9b04da244eff253ce7f1e11d33b92e4ae4d8b1ead295f7400e228e83ca218e838c9d198a231047dd265715ac947364160b96f8964e5969654d1b9ab748306f9d3722074384ed326f4b1058d289a6e4231ee5117c13dc04fbb6fa0e0967902d3b0fedafd22d87ac4555b3f384eb421d1708a96f676228900000200000072b0b957ffebbb1859ab5e51619325a6dc84e0dfa2544c6148b8dad7a76334db493c3dafe9fa6da42b0738c964d1b4dd8268a17dcbe44f8fc18432670ef5a4382e104f28490eea3349d1695b955f7aec2a17f9745fa114b2a1c8843e92d6c4437110c14c9046ed3ad9f65f30b82fb3251a742fcce0c71ad7e3a1dc31f981511d022500000000c3d2051ebdd1f8f04e180d6a35414cdf0da61b646bdf96e7e296ec033d89bd08089e610a41f87b54a2f025fc72fe9f80873fa1672f4b3865784505c8bba0df2393d47f9e9358af494782103bd1823bcceb606519b8e11abffc0ae4fa52b56c0a048c4972ed030b7c22f8394e158a23f8f5efab561f8d6b78ee19c2b87c09543e9877ed7055425d242e3c7ffe4bfbb179e07ae89263d8e1fb7ea22d22a4b5c41b645a6ae9620c77f959228b1f0d2500000000c3d2051e0e3c0c8436da3c1366c744ace6de1778af4b3419073221fb0fd3c5a209d3fc0841f87b54a2f025fc

Account MyMultisig imported with public address: 3e1ebb137b1b935da1606b48cb3435ff0bd80fe7707b6bae8277a6e05cb66b73

Join our newsletter and stay up to date with privacy and crypto.

Discover our impactful presence — read our blog.

Use

  • Node App
  • Node CLI
  • Mine
  • Block Explorer
  • Ecosystem

Learn

  • Get Started
  • FAQ
  • Whitepaper
  • Tokenomics

Community

  • Foundation
  • Governance
  • Grants
  • Our Community

Developers

  • Documentation
  • Github
Privacy Policy

|

Media Kit

|

Copyright 2024 Iron Fish.