Founders:Omer Sadika, Sean Lee, David Lachmish and Yehonatan Cohen Scaly
Co-Investors:DCG, Lightshift Capital
Launch Date: August 2022
What is Odsy Network?
Odsy Network is a network of dWallets that provides a secure, programmable, decentralized access layer to all of Web3 through dynamic, decentralized wallets (dWallets). Odsy guarantees the security of dWallets by making users and the network necessary participants in its signing mechanism.
Why we invested?
Odsy Network is well-positioned to capitalize on the opportunity to revolutionize the way access control is handled in the crypto space. By introducing a new blockchain primitive, dWallets, they are providing users with the security of a blockchain while still allowing them to maintain access control for their assets. This technology has the potential to open up a whole new world of possibilities, from decentralized retail and institutional custody to multi-chain DAOs, interoperable gaming and DeFi, and wrapped assets.
We believe that Odsy Network has the know-how and technology to create a successful product and make a big impact in the crypto space. The team is well-positioned to capitalize on the opportunity and provide users with a secure and decentralized access control solution. We are confident that the Odsy Network team has the right vision and technology to succeed and realize its goals.
Challenges in the current landscape
- Access control: Decentralized access control to blockchains accounts is poor and limited because a crypto user can either keep 100% of the access themselves by holding a private key personally or irrevocably give away 100% of the access to someone else by sharing their private key. Anything else requires either using centralized solutions or trying to address the same use cases by moving from user-owned accounts to smart contracts.
- Security of Private Keys: Private keys are the most important security tool for protecting crypto assets, however protecting them can be difficult. If private keys are lost or stolen, they cannot be recovered, and the associated crypto assets may be lost forever. Therefore, owners must take extreme caution to ensure that their private keys are safe and secure.
- Exchange Security: Despite the best efforts of security teams, cryptocurrency exchanges remain vulnerable to cyber-attacks. Hackers are constantly trying to exploit any weaknesses in the system in order to gain access to user funds. Exchanges must therefore ensure that their security measures are constantly up to date and robust in order to protect user funds.
- Crypto Wallet Security: Crypto wallets are the way users store their coins and tokens, and thus must be kept secure. Unfortunately, due to the complexity of the technology, it can be difficult for users to ensure that their wallets are always up to date with the latest security patches and protected from malicious software.
- Phishing Scams: Phishing scams are a common threat to crypto users, as fraudsters disguise themselves as legitimate companies in order to steal private keys, passwords, or other sensitive information. Unfortunately, these scams are difficult to detect, as they can be disguised as legitimate emails or messages.
- Malware: Malware is a major threat to crypto users, as malicious software can be used to gain access to wallets and other sensitive information. Unfortunately, it can be difficult for users to detect malicious software, as it is often hidden in emails, messages, or even legitimate websites.
Odsy Network Solution through dWallets
- Strong Decentralization: The dWallet creation, signing, and access control mechanisms, as well as the decentralized state machine they operate in, must all exhibit strong decentralization. A permissioned network or one with a small number of nodes does not suffice.
- Genericity: The signing mechanism must generate a digital signature for any valid message, independent of its destination or purpose. For example, a dWallet that supports the ECDSA signing algorithm can be used to sign transactions of any blockchain that uses ECDSA for authentication.
- Trustlessness: The dWallet must deterministically adhere to the access control mechanism.
- Dynamicity: The access control mechanism must be Turing-complete and dynamic.
- Transferability: The owner of a dWallet must be able to completely transfer ownership of a dWallet to a new owner, with previous ownership being revoked.
- Multi-chain: Multisig are ad-hoc unique solutions, designed to patch a specific access problem. That means that every blockchain, and sometimes even specific protocols, requires a purposefully-built multisig solution. With dWallets The logic written applies to every blockchain and protocol in the same way- same code base, same language, same framework, etc.
- Turing Complete: A dWallet enables, in a straightforward way, to write Turing complete logic that is generic to any type of blockchain, from simple protocols to very complex ones.
- Signature: Unlike multisig solutions, dWallets create one signature that is identical to the signature created when using traditional wallets with a private key. That enables use cases (e.g. identity) that require a signature to be generated that way.
How does it work?
Neither the user nor the blockchain may sign without the other's consent to sign that particular message. This is possible through a cryptographic protocol called Multi-Party Computation (MPC). MPC allows multiple parties to perform a computation and learn its result without any party learning the other parties' secret inputs or anything about the computation itself.
More specifically, Threshold Signature Schemes (TSS). In this type of MPC, the computation done by the parties yields a distributed key with which they can jointly sign messages.
In a t-out-of-n setting of TSS total number of n parties and threshold t such that any subgroup of parties or more will be sufficient to sign together. The process looks as follows; when a user wishes to create a new dWallet, it engages in a process called Distributed Key Generation (0KG) with the blockchain:
Following a DKG, the distributed private key of the new dWallet can be used to sign messages in the following way:
At first sight, it might be tempting to think a simple 2-out-of-2 scheme can be used for this purpose, with one secret share saved by the owner of the dWallet and another saved on the blockchain.
However, because blockchains are public, one cannot keep secrets on the blockchain and it would essentially be equivalent to the owner holding the key in its entirety by themselves, which defeats the purpose.
Because of this, the approach is to utilize TSS in a fully decentralized manner by not only splitting the secret between the user and the blockchain but also splitting the blockchain's secret between validators so the validators shares are never revealed publicly on the blockchain.
This way, in order for a message to be signed by a dWallet, the cooperation of both the owner/user of the dWallet and a certain threshold tout of the n validators is required.
The above sketch described an mpc-only design for a network of dWallets. This design is cryptographically secure and indeed may offer a secure implementation of dWallets by itself.
That being said, another layer of security on top of MPC makes the network even more secure. This is achieved by storing the secret data of every validator on a Trusted Execution Environment (TEE) such as Intel SGX. This way, the hardware security as an extra layer on top of the cryptographically secure MPC.
This yields an ultra-secure system that is not reliant on any single point of failure: compromising the network is not sufficient as the validators themselves cannot access their secret share because it is kept in the enclave, and breaking a single enclave doesn't suffice either as it only holds one secret share out of the required threshold t.
Additionally, the plan is to support all of the different secure TEEs (Intel SGX, AMO SEV, AWS Nitro etc.) so that an attacker would need to have zero-day vulnerabilities to multiple different hardware implementations in order to break the system.
Use cases of Odsy Network dWallets
- Digital asset custody: With dWallets, the policies are managed and enforced by the dWallet, and users - whether individuals, businesses or institutions - have the freedom to easily choose to join, leave or transfer between different operational custody providers. From the standpoint of the user, this brings usability to possibilities unavailable today.
The user knows that regardless of the provider they chose, their private key MPC shares are stored in the Odsy network and managed by the same dWallet interface. This, for the first time, empowers the user to be able to migrate between MPC custody providers in a frictionless manner- all that's needed is a change of the dWallet's policy.
- Multi-Chain decentralized organizations: A decentralized organization formed on the Odsy Network controls a dWallet that can hold assets on any other blockchain, sign transactions on those blockchains, and control other decentralized organizations on other blockchains.
Furthermore, the sophisticated decentralized access control capabilities of a dWallet allow for practically any operation to be executed in a trustless manner - with dynamic access control that limits each user to the exact type and volume of transactions they are authorized to sign on.
- Granular access sharing, delegation, and control: Access to a static decentralized wallet is absolute and irrevocable. A private key has full power to sign any transaction, and if a private key is shared, lost or stolen - access to the wallet can never be modified.
A dWallet is by nature a trustless mechanism to share and control access to digital assets. Any type of condition - whether it's quorums, spending limits, allowlisted protocols, etc. - can be used to control the shared access to a dWallet.
- Custody-as-a-service: Today, custody-as-a-service solutions exist, however, they are all centralized, and usually provided through an API by an existing trusted custody service provider.
With dWallets, a new and decentralized model for custody-as-a-service is possible - a "Bring Your Own Wallet" model, where dWallets are used as the underlying custody infrastructure. Imagine a centralized exchange, where the order book is managed centrally, and dWallets are used as the universal and decentralized underlying infrastructure technology connecting them to the blockchain, or banks offering their customers a crypto account with specific predefined actions that are permitted by the local laws and regulations using a dWallet with access control.
- Interoperable Infrastructure: A dWallet, and its native interoperability, can be used as an infrastructure for any multi-chain DeFi or infrastructure project in a completely decentralized manner, removing all overhead and security operations on the developer side.
Each new implementation of interoperable infrastructure and DeFi projects with dWallets will involve a complete reimagining of the current state-of-the-art solutions.
We have seen amazing advancements in the crypto sector in recent years, from new protocols and digital assets to new blockchains. Unfortunately, access to these technologies is becoming increasingly centralized, with users relying on third-party solutions to hold their assets and keys. To ensure that crypto will reach its full potential and be used in real-world applications, access must be secure, flexible, and most important of all, trustless.
We believe that dWallets can revolutionize the way people access crypto and shape the industry for years to come, just like the introduction of smart contracts did. Existed to be part of the ecosystem that will shape the future of crypto, and drive its growth and development over the decades to come.