Skip to main content
Version: 1.2.0

Key Lifecycle

Once we have already generated our key shares, we can refresh and also export them.
We show how to do this below.

Key Refresh

Key Refresh (sometimes referred to as "Key Rotation") is a protocol that allows the devices to compute entirely new secret shares of the same public key.
Refreshing the key material frequently is considered a best practice for enhanced security, as it adds an element of time to the security setting.
Since even if one secret share was compromised, then after Key Refresh the compromised secret share will no longer be useful. Below is an example of how to use Key Refresh:

import { Ecdsa } from '@sodot/sodot-node-sdk';

const N = 3;
const T = 2;
const ecdsa = new Ecdsa();
const API_KEY = 'MY_API_KEY';
// An EcdsaKeygenResult was previously generated using keygen
const keygenResult = await ecdsa.keygen(...);
// Some time passes ...

// We now refresh the secret key material of our public key
// Your server creates a room for 3 parties
const refreshRoomUuid = await ecdsa.createRoom(N, API_KEY);
// All parties now join the refresh room using their current secret key material
const refreshedKeygenResult = await ecdsa.refresh(refreshRoomUuid, keygenResult)
// Note: refreshedKeygenResult.pubkey == keygenResult.pubkey
// refreshedKeygenResult can now be used for signing under the same T threshold, as well as be refreshed again
API reference

Full details can be found here.