Skip to main content

Chain Signatures

Chain signatures enable NEAR accounts, including smart contracts, to sign and execute transactions across many blockchain protocols.

This unlocks the next level of blockchain interoperability by giving ownership of diverse assets, cross-chain accounts, and data to a single NEAR account.

info

This guide will take you through a step by step process for creating a Chain Signature.

⭐️ For a deep dive into the concepts of Chain Signatures see What are Chain Signatures?

⭐️ For complete examples of a NEAR account performing Eth transactions:

Create a Chain Signature

There are five steps to create a Chain Signature:

  1. Deriving the Foreign Address - Construct the address that will be controlled on the target blockchain
  2. Creating a Transaction - Create the transaction or message to be signed
  3. Requesting a Signature - Call the NEAR multichain contract requesting it to sign the transaction
  4. Reconstructing the Signature - Reconstruct the signature from the MPC service's response
  5. Relaying the Signed Transaction - Send the signed transaction to the destination chain for execution

chain-signatures Diagram of a chain signature in NEAR

1. Deriving the Foreign Address

Chain Signatures use derivation paths to represent accounts on the target blockchain. The external address to be controlled can be deterministically derived from:

  • The NEAR address (e.g., example.near, example.testnet, etc.)
  • A derivation path (a string such as ethereum-1, ethereum-2, etc.)
  • The MPC service's public key

We provide code to derive the address, as it's a complex process that involves multiple steps of hashing and encoding:

src/services/ethereum.js
loading...
tip

The same NEAR account and path will always produce the same address on the target blockchain.

  • example.near + ethereum-1 = 0x1b48b83a308ea4beb845db088180dc3389f8aa3b
  • example.near + ethereum-2 = 0x99c5d3025dc736541f2d97c3ef3c90de4d221315

2. Creating the Transaction

Constructing the transaction to be signed (transaction, message, data, etc.) varies depending on the target blockchain, but generally it's the hash of the message or transaction to be signed.

src/services/ethereum.js
loading...

In Ethereum, constructing the transaction is simple since you only need to specify the address of the receiver and how much you want to send.

3. Requesting the Signature

Once the transaction is created and ready to be signed, a signature request is made by calling sign on the MPC smart contract.

The method requires two parameters:

  1. The transaction to be signed for the target blockchain
  2. The derivation path for the account we want to use to sign the transaction
src/services/ethereum.js
loading...
tip

Notice that the payload is being reversed before requesting the signature, to match the little-endian format expected by the contract

info

The contract will take some time to respond, as the sign method starts recursively calling itself waiting for the MPC service to sign the transaction.

A Contract Recursively Calling Itself?

NEAR smart contracts are unable to halt execution and await the completion of a process. To solve this, one can make the contract call itself again and again checking on each iteration to see if the result is ready.

Note: Each call will take one block which equates to ~1 second of waiting. After some time the contract will either return a result that an external party provided or return an error running out of GAS waiting.

4. Reconstructing the Signature

The MPC contract will not return the signature of the transaction itself, but the elements needed to reconstruct the signature.

This allows the contract to generalize the signing process for multiple blockchains.

src/services/ethereum.js
loading...

In Ethereum, the signature is reconstructed by concatenating the r, s, and v values returned by the contract.

The v parameter is a parity bit that depends on the sender address. We reconstruct the signature using both possible values (v=0 and v=1) and check which one corresponds to our sender address.

5. Relaying the Signature

Once we have reconstructed the signature, we can relay it to the corresponding network. This will once again vary depending on the target blockchain.

src/services/ethereum.js
loading...
info

⭐️ For a deep dive into the concepts of Chain Signatures see What are Chain Signatures?

⭐️ For complete examples of a NEAR account performing Eth transactions:

Was this page helpful?
Need some help? Chat with us or check our Dev Resources!
Twitter
Telegram
Discord
Zulip