Cryptographic signatures are the backbone of cryptocurrencies and their decentralized networks. Custody solutions allow users to securely sign transactions that the blockchain will accept. Some wallets produce deterministic signatures — cryptographic signatures that are reproducible as long as the same data is signed.
Multi-Party Computation (MPC) signing schemes, like those used by Fordefi, produce non-deterministic signatures by default. Each time you sign data, you receive a unique signature, even when signing identical data. Some DApps rely on deterministic signing to improve user experience and to offer a signature-free or less signature-dependent flow. This method trades security for convenience and introduces additional risks.
Deterministic signatures are typically used to sign into platforms that offer a signature-free experience. The signature is used to derive a special wallet/key pair, allowing users to interact with the platform without further signatures. When you sign into these platforms, that key is stored locally in your browser, which creates a risk: the key could be exposed if the browser is compromised.
When deterministic signatures are enabled, Fordefi automatically saves the first signature provided to any DApp that requires deterministic signing. This signature is then provided to the DApp during subsequent logins and is used to consistently derive the private key for that DApp’s sub-vault.
Support for deterministic signatures is managed at the workspace level, but signatures are linked to the vault that produced them. While your entire workspace may have permission to produce and provide these signatures to DApps, each deterministic signature is associated with a single vault.
The simplest attack vector is extracting the key for a DApp account from a compromised browser. In this case, all assets in that vault — or assets deposited to the corresponding DApp — would be at risk.
The signature itself is also sensitive. If leaked or stolen, it can be used to reproduce the sub-vault’s key and access its assets.
Sub-accounts on DApps that use deterministic signatures typically cannot be managed by the Fordefi policy engine. Your workspace policies enforce rules on all vaults in your workspace, but when a sub-account is created using deterministic signatures, a new public/private key pair is created outside your workspace.
Policies around message signing are enforced the first time you sign into a DApp with deterministic signatures.
Fordefi stores the signatures used to re-authenticate with DApps, but those signatures are not included in the backup bundle. Consequently, customers who migrate using only their backup should transfer assets from deterministically-derived accounts before leaving Fordefi.
- Ensure that deterministic signatures are required for the operation you want to perform.
- Get admin approval. Fordefi requires a quorum of admin approvals to enable deterministic signatures. Have your admins indicate their approval in your support channel.
- Once sufficient approval has been granted, tag a member of the support team, and they will toggle deterministic signing for your workspace.