Tookey

Project Description

Tookey - asset and access management protocol that intends to transform the enterprise private key management paradigm across Web3, DeFi, and Collectible platforms.

Problem scope

The problem scope is massive: more than $500 million was stolen from only 4 protocols in December 2021 due to a compromised secret key issue.

Cross-chain bridges remain a major target for hackers, with 3 bridges breached this month (October 2022) and nearly $600 million stolen.

Solution

Tookey detects risks to private key integrity and fraudulent transaction pushing, allowing developers to swiftly integrate and implement distributed private key management solutions.

Because of the introduction of Threshold signature schemes, this is now achievable. TSS enables several persons to sign transactions with a single public key.

Pluggable The TSS participation library and the Key Service API are the two main components of Tookey. Third-party applications like as DeFi protocol maintenance tools, end-user wallets, CEX depositaries, escrow services, and so on can be built using these components.

Project Impact

Cybersecurity is on many Web3 CEOs' minds as the need to protect their companies', investors', and consumers' assets.

GnosisSafe and other multisig systems add complexity and execution costs while being devoid of corporate asset management functionalities.

Current private key administration experience is completely inadequate:

1. Access management is a complicated and unresolved topic in many Web3 applications.
2. Automation of execution necessitates the exposure of private keys inside a semi-trusted environment, resulting in inadequate security.
3. Smart contract access control is restricted by on-chain data, which adds complexity and execution costs.

We suspect the issue is identified in three aspects:

1. Proper security against compromise of the private key severely restricts projects and reveals numerous business operations unfeasible.
2. Standard approaches usually provide a low level of security. At their own risk, most projects distribute keys to high-ranking managers for sole control, which can lead to loss of funds or private key compromisation.
3. Multisig is a terrific approach to boost security, but the complexity of gathering those signatures and the algorithms for interacting with multisig keys cause challenges and limitations that most projects and users cannot tolerate.

In our opinion, three characteristics must be included in a management solution:

1. Allow third-party access to the wallet (partners, staff, and even servers), but explicitly limit the potential modes of engagement.
2. Compatible with various execution contexts and should not be firmly bound to a certain blockchain or wallet.
3. The solution must be non-custodial; the risk of compromise of control as a result of an unethical service provider is too terrific.

We solved the problem by meeting all three requirements, now keys can be exchanged with Tookey and are no longer secret, but remain secure and protected.

By making private keys divisible, sharable, and pluggable, we reframed the concept of private key access and security, also ensures that a single key can be utilized in multiple scenarios.

Signing process demonstration video and GitHub repositories:

We share a belief in the possibilities for decentralization and the development of a better web3 internet. Tookey resolves private key compromise threats while being a non-custody solution. Protocol supporting all Ethereum-like networks, the main focus on security and user privacy. We can enable improved private key access scenarios, enhance business asset management, and massively scale human coordination for web3 entrepreneurs building next-generation daps working together.

The team encountered various challenges while working on this project, including the requirement that MVP fulfill all existing asset management and protection criteria, be simple to implement in any given protocol, and be cost-effective.

By connecting more protocols, we will be able to adapt Tookey to a broader variety of demands while mastering functionality and introducing new from-the-box capabilities for enterprise clients such as DAO and escrow setup administration.

Keep in contact by following Tookey.io on the major social media platforms: