People may like the idea of blockchains and web 3.0, but they tend to hit an immediate obstacle in the form of private cryptographic keys and mnemonic seed phrases that cannot be lost, forgotten or divulged at any cost.
Private key management specialist Torus replaces that jarring user experience with what appears to be a familiar single login, but one that’s reinforced behind the scenes by a clever distributed architecture built for web 3.0.
Announced Monday, the Singapore-based startup has released a one-click Chrome browser extension for its Torus wallet and added a new product called tKey, a custom version of two-factor authentication (2FA). The extension will also work in Brave.
When information is exchanged online, users don’t want to know about the underlying public key infrastructure (PKI) – and so it should be with blockchains and the next generation of the internet, or “Web3,” said Torus Labs CEO Zhen Ju Yong.
But while people don’t want that tricky user interface, they do, of course, want to control the process in a decentralized manner, Zhen added.
“Our goal is to make key management convenient to the mainstream user – my parents, for example – to be able to use crypto, while still retaining the level of security and non-custodiality which is needed for decentralized applications,” Zhen said in an interview. “We’ve always seen ourselves more as a key management company rather than a wallet. We are kind of a step up for wallets, more like an infrastructure layer.”
How Torus works
At a high level, Torus splits and distributes sensitive data needed to construct a user’s private key between the user and nodes on the Torus network, which includes Binance, Ethereum Name Service (ENS), Etherscan, Matic Network, Ontology, Skale, Tendermint Core and Zilliqa.
Distributed key generation is generally divided into three parts, or “secret shares” (Shamir's Secret Sharing, or SSS, for the technically conversant), with two held by the user and the third further split across the Torus network.
The new tKey release allows users to easily add and control incremental layers of security, a kind of customizable 2FA that works like a smart contract, said Zhen. An obvious extra security layer to add would be a mobile phone, which could store a user’s additional secret share in its secure enclave, protected by a biometric passcode. If the user has more than one mobile device, they could add as many layers of security as they want.
Similar to other 2FA systems, as long as the user has access to two out of three of their secret shares, they will be able to retrieve their private keys and login.
‘On the shoulders of giants’
For many users, logging into dapps is done by authenticating with MetaMask, the kind of default Ethereum browser wallet. Torus has built on top of MetaMask (although it should be mentioned that the ConsenSys-backed plugin recently changed its licensing) to create its new Chrome extension.
“We greatly appreciate the MetaMask team's hard work and development,” Torus wrote in a press statement. “However, due to Torus’ necessity of being open source, Torus Extension (forked from 22 June 2020) continues to use its older MIT license.”
Zhen described the arrangement as “building on the shoulders of giants” and stressed that Torus is not seeking an edge over MetaMask.
“By no means do we feel like we want to compete with MetaMask. We’re actually in talks with MetaMask with regards to their licensing changes, and about potentially integrating,” he said.
Torus has always had a close relationship with Binance, which invested $500,000 in the seed round, and the largest exchange by volume is now playing a central role in the new Torus product releases.
“We’re super-excited that Binance actually co-developed tKey with us, and it’s going to be an open-source SDK,” said Zhen. “We are launching this together. Along with this SDK, Binance itself and the Chrome extension for Binance DEX and Smart Chain is going to have both Torus and tKey integrated into it as one of the core key management flows.”
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.