Implementing Chain Signatures
Chain signatures enable NEAR accounts, including smart contracts, to sign and execute transactions across many blockchain protocols.
This unlocks the next level of blockchain interoperability by giving ownership of diverse assets, cross-chain accounts, and data to a single NEAR account.
This guide will take you through a step by step process for creating a Chain Signature.
⭐️ For complete examples of a NEAR account performing transactions in other chains:
Create a Chain Signature
There are five steps to create a Chain Signature:
- Deriving the Foreign Address - Construct the address that will be controlled on the target blockchain
- Creating a Transaction - Create the transaction or message to be signed
- Requesting a Signature - Call the NEAR
multichain
contract requesting it to sign the transaction - Reconstructing the Signature - Reconstruct the signature from the MPC service's response
- Relaying the Signed Transaction - Send the signed transaction to the destination chain for execution
Diagram of a chain signature in NEAR
If you want to try things out, these are the smart contracts available on testnet
:
v2.multichain-mpc.testnet
: MPC signer contract, latest release, made up of 8 MPC nodescanhazgas.testnet
: Multichain Gas Station contractnft.kagi.testnet
: NFT Chain Key contract
1. Deriving the Foreign Address
Chain Signatures use derivation paths
to represent accounts on the target blockchain. The external address to be controlled can be deterministically derived from:
- The NEAR address (e.g.,
example.near
,example.testnet
, etc.) - A derivation path (a string such as
ethereum-1
,ethereum-2
, etc.) - The MPC service's public key
secp256k1:4NfTiv3UsGahebgTaHyD9vF8KYKMBnfd6kh94mK6xv8fGBiJB8TBtFMP5WWXz6B89Ac1fbpzPwAvoyQebemHFwx3
We provide code to derive the address, as it's a complex process that involves multiple steps of hashing and encoding:
- Ξ Ethereum
- ₿ Bitcoin
Loading...
Loading...
The same NEAR account and path will always produce the same address on the target blockchain.
example.near
+ethereum-1
=0x1b48b83a308ea4beb845db088180dc3389f8aa3b
example.near
+ethereum-2
=0x99c5d3025dc736541f2d97c3ef3c90de4d221315
We recommend hardcoding the derivation paths in your application to ensure the signature request is made to the correct account
v2.multichain-mpc.testnet
secp256k1:4NfTiv3UsGahebgTaHyD9vF8KYKMBnfd6kh94mK6xv8fGBiJB8TBtFMP5WWXz6B89Ac1fbpzPwAvoyQebemHFwx3
2. Creating the Transaction
Constructing the transaction to be signed (transaction, message, data, etc.) varies depending on the target blockchain, but generally it's the hash of the message or transaction to be signed.
- Ξ Ethereum
- ₿ Bitcoin
Loading...
In Ethereum, constructing the transaction is simple since you only need to specify the address of the receiver and how much you want to send.
Loading...
In bitcoin, you construct a new transaction by using all the Unspent Transaction Outputs (UTXOs) of the account as input, and then specify the output address and amount you want to send.
3. Requesting the Signature
Once the transaction is created and ready to be signed, a signature request is made by calling sign
on the MPC smart contract.
The method requires two parameters:
- The
transaction
to be signed for the target blockchain - The derivation
path
for the account we want to use to sign the transaction
- Ξ Ethereum
- ₿ Bitcoin
Loading...
Loading...
For bitcoin, all UTXOs are signed independently and then combined into a single transaction.
Notice that the payload
is being reversed before requesting the signature, to match the little-endian format expected by the contract
The contract will take some time to respond, as the sign
method starts recursively calling itself waiting for the MPC service to sign the transaction.
A Contract Recursively Calling Itself?
NEAR smart contracts are currently unable to halt execution and await the completion of a process. To solve this while we await the ability to yield & resume, one can make the contract call itself again and again checking on each iteration to see if the result is ready.
Note: Each call will take one block which equates to ~1 second of waiting. After some time the contract will either return a result that an external party provided or return an error running out of GAS waiting.
4. Reconstructing the Signature
The MPC contract will not return the signature of the transaction itself, but the elements needed to reconstruct the signature.
This allows the contract to generalize the signing process for multiple blockchains.
- Ξ Ethereum
- ₿ Bitcoin
Loading...
In Ethereum, the signature is reconstructed by concatenating the r
, s
, and v
values returned by the contract.
The v
parameter is a parity bit that depends on the sender
address. We reconstruct the signature using both possible values (v=0
and v=1
) and check which one corresponds to our sender
address.
Loading...
In Bitcoin, the signature is reconstructed by concatenating the r
and s
values returned by the contract.
5. Relaying the Signature
Once we have reconstructed the signature, we can relay it to the corresponding network. This will once again vary depending on the target blockchain.
- Ξ Ethereum
- ₿ Bitcoin
Loading...
Loading...
⭐️ For a deep dive into the concepts of Chain Signatures see What are Chain Signatures?
⭐️ For complete examples of a NEAR account performing Eth transactions: