Chain Key cryptography allows the Internet Computer blockchain to finalize transactions that update canister smart contract state in 1–2 seconds. This is an enormous improvement, but still insufficient alone to allow blockchain to provide competitive user experiences, which require that responses be provided to users in milliseconds. The Internet Computer solves this by splitting canister function execution into two types, known as “update calls” and “query calls.” Update calls are those we are already familiar with, and take 1–2 seconds to finalize their execution, while query calls work differently because any changes they make to state (in this case, the memory pages of canisters) are discarded after they run. Essentially, this allows query calls to execute in milliseconds.
The Internet Computer is the third great innovation in blockchain. The first innovation was Bitcoin, which introduced cryptocurrency, and is now playing the role of digital gold. The second innovation was Ethereum, which introduced canisters, which are now powering the DeFi revolution. This third major innovation, the Internet Computer, introduces the first true blockchain computer, which will enable the world to reimagine how we build everything — using a blockchain with seamless, infinite capacity. Inside the Internet Computer Protocol, Chain Key cryptography makes this all possible — a combination of dozens of computer science breakthroughs such as Random Beacon, Probabilistic Slot Consensus, Advanced Consensus Mechanism, Network Nervous System, etc., that allows the Internet Computer to be the first blockchain computer that runs at web speed with unbounded capacity.
The key component of chain-key cryptography is a threshold signature scheme, which is like an ordinary digital signature scheme, except that the secret signing key is distributed among all the replicas in a subnet in such a way that the key cannot be stolen by compromising one (or even a large fraction) of the replicas in the subnet. A digital signature scheme is a very traditional type of public-key cryptosystem, in which a secret key held only by the signer is used to generate a digital signature on a message, and a public key made available to everyone can then be used to efficiently verify a digital signature on a message. A threshold signature scheme is a digital signature scheme where the secret signing key is never stored in one location. Rather, the secret key is effectively split up into secret shares, and each secret share is stored on a different machine. To sign a message, these machines must agree to sign the message and coordinate with one another to generate a digital signature in a distributed fashion. Notably, this happens without ever reconstructing the secret signing key in one location.
This technology has huge benefits, including:
- Anyone can verify the content received from the Internet Computer by simply validating a signature without syncing the entire blockchain.
- The topology of IC can evolve autonomously -- New nodes and subnets can be added, faulty nodes can be recovered and protocol can be upgraded autonomously.
- A source of unpredictable and unbiasable pseudo-random numbers for canisters. Canisters can securely run algorithms that need randomness.
For more information on Chain-Key Cryptography, check out our page here.
Chain-key transactions extends chain-key technology to allow transactions targeted at other blockchains to be computed fully on-chain using the Internet Computer Protocol. Using chain-key transactions, the IC can integrate with other blockchains such as Bitcoin and Ethereum in a completely trustless manner without needing any bridges. Canisters can now securely store and transact Bitcoin. The secret key of the Bitcoin is shared between all the nodes running the canister. The canister can transact Bitcoin using a chain-key transaction when at least 2/3rd of the nodes agree to make the transaction. Using chain-key transactions is the strongest, most decentralized way of integrating blockchains as no additional trust assumptions besides that of the two blockchains are required, particularly no additional parties that manage signature keys or their shares.
For more information on Chain-key transactions, check out this page.