What are Chain Signatures?
Chain signatures enable NEAR accounts, including smart contracts, to sign and execute transactions across many blockchain protocols.
This unlocks the next level of blockchain interoperability by giving ownership of diverse assets, cross-chain accounts, and data to every single NEAR account.
Diagram of a chain signature in NEAR
How It Works​
Controlling accounts and their assets on other blockchain platforms is made possible thanks to the interaction between three elements:
- Derivation Paths - A deterministic way to derive foreign addresses from one NEAR account
- Multichain Smart Contract - Receives requests to sign a transaction for other blockchains
- Multiparty Computation Service Third-party service providing signatures to the contract
Derivation Paths: One Account, Multiple Chains​
Chain Signatures link NEAR accounts to addresses in other blockchain using Additive Key Derivation (a simple mechanism for deriving many subkeys from a single master key). These keys are generated using derivation paths
(or paths
for short).
A derivation path
is simply a string (e.g. ethereum-1
, ethereum-2
, etc) that in conjunction with the NEAR account derives a unique address on the target blockchain.
For example, we can derive multiple Ethereum addresses from example.near
by using different paths:
example.near
+ethereum-1
=0x1b48b83a308ea4beb845db088180dc3389f8aa3b
example.near
+ethereum-2
=0x99c5d3025dc736541f2d97c3ef3c90de4d221315
example.near
+...
=0x...
It is important to note that this allows us to discover the public address of the foreign account that we can control. To actually control the foreign account, we need to request signatures from the MPC service.
In practice, the external address is deterministically derived using the NEAR address (example.near
), the path (ethereum-1
) and the MPC service's public key
Multichain Smart Contract​
A deployed multichain smart contract is used to request signatures for transactions on other blockchains.
This contract has a sign
method that takes two parameters:
- The
payload
(transaction) to be signed for the target blockchain - The
path
that identifies the account you want to use to sign the transaction.
For example, a user could request a signature to send 0.1 ETH to 0x060f1...
(transaction) using the ethereum-1
account (path).
After a request is made, the sign
method will yield execution waiting while the MPC signing service signs the transaction.
Once the signature is ready, the contract resumes computation and returns it to the user. This signature is a valid signed transaction that can be readily sent to the target blockchain to be executed.