Hello everybody, But this is a question mostly for DFINITY core crypto team.
There is StarkEx technology (Introduction :: StarkEx Documentation) for Etherium rollupped trading. To sign transactions at StarkEx off-chain environment there is used stark key that is derived from private eth key. Also it uses stark-friendly elliptic curve (STARK Curve :: StarkEx Documentation)
Using IC threshold ECDSA feature we can generate distributed private key and sign transactions with it. Can it be possible to derive distributed stark key from distributed private key, or maybe to generate both private key and derived stark key during DKG? And then sign starkex transactions with it?
or maybe to generate both private key and derived stark key during DKG?
The IDKG protocol currently only supports Secp256k1 and Secp256r1 (although signing with the latter curve is not fully integrated in the IC). However it can be extended to generate keys over new curves if needed. If signing is just standard ECDSA, then the signing protocol could also be easily extended to work over the new curve.
Can it be possible to derive distributed stark key from distributed private key
If I understand correctly they recommend this key derivation approach to derive a key from an ethereum address. I think this would be quite more complicated to be compatible with, as it is essentially a hardened key derivation scheme that hashes the parent secret key. Since the IC uses threshold keys, no single party has the full secret key, so this would require a general MPC protocol to compute the hash of a shared secret key. Do you have any scenarios in mind that require derivation of a stark key from an eth address? On the IC I think it would be easier just to generate a separate stark key with the DKG protocol, so new keys will be completely unrelated to the keys used to derive ethereum addresses.
I didn’t look into it very deeply, but it looks like the order of the curve is 252 bits, which means that using something like BIP32 will require quite a few repetitions to generate child keys. Are you aware of any usage of some non-hardened key derivation in this context?
Thank you a lot. And excuse me for taking your time about derivation problem. Diving a little deeper I understood that derivation actually is not needed in my scenario.
What can I do (or someone) to add new curve for threshold ecdsa protocol?