API to be exposed to general developer # Tkey with Service Provider - Assumption - Storage Layer and Service Provider is required or default with Web3Auth Service Provider ### Definition - Initialized Tkey -> Tkey is initialized with a shareStore or service provider - Reconstructed Tkey -> Tkey with threshold number of share that reconstructed the main tkey ### State of tKey (2/3) - Read mode (1 share available) - Write mode (atleast 2 shares available) ### Types of data on metadata - Public data (any share can read, min 1 required) - Share private data (share itself can read) - Final key private data (threshold shares are required) ### Questions 1. should we throw error if user tries login with an import_key (final private key) ? => yes 2. should we expose the idea of share store and share index ? => No 3. should we hardcode share indexes? => [1, 2, 3]. we can call this share number. 4. should we allow tkey init with a BN? => yes. 5. management of manual sync parameter ? 6. All getShare(number: int) API => Interate through the active share index list, then return the share. [id, [1, "asdfasdf", "asdasdf", "2342134"]] ?? ### Actionables 1. initialize API 2. add support for device share export during initialize. 3. if 2 is not possible, come up with a draft PR on how this can be done. This problem is obvious ? -> *on new signup, 2 shares is created. we could get the share_index that is not 1 and call exportShare(index) to get the share.* 4. eval if we can allow BN to initialize tkey -> *with metadata server, we could get shareStore from share (BN). we could support initalize with BN.* 5. Check if login can be a part of initialize() 5. Remove sharestore and share index names from externally facing functions completely. Potentially replace it with share and index 1. rename shareStore => share ?? 2. never export shareStore ??. check viability 7. Allow only one input/output share function. 8. Figure out manualSync in ios + rust + android. 9. Simplify all modules APIs ``` Constructor(storageLayer, serviceProvider, ...configuration ) -> Tkey // initalize will put tkey in read mode // use service_provider sharestore // import_key is only valid for first time login -> initialize(import_key: optional , ...config) // using share store initializeWithShareStore(shareStore, ...config ) initializeWithShare(share, ...config ) initializeWithBN(BN, ...config ) // try to reconstruct key reconstructKey(...config) ``` ## Share operations ``` // Required Initialized Tkey getShareIndexes() -> return all share indexes of latest polynomial importShare( share, shareType ) // Required Reconstructed Tkey exportShare( shareIndex, shareType ) deleteShare( shareIndex ) // shareIndex should be checked for forbidden value generateNewShare( shareindex: optional) updateThreshold( threshold ) (rename from refresh shares) *shareType allow - mnemonic, hex, serializedShareStore ``` ## Metadata ``` // require initialized Tkey getShareDescription(shareIndex) // require reconstructed Tkey // do we want to allow dev to modify module/extension's share description? setShareDescription(shareIndex, ...data) deleteShareDescription(shareIndex) ``` ## Module/Extension/Features's API ### DeviceShare (Web/device storage) ``` // require initialzed tkey importShare(tkey, share_index?) // require reconstructed tkey deleteShare(tkey) -> remove and delete share from tkey and device // without initialized tkey getShare(public_key) initializeWithDeviceShare(public_key) setShare(public_key, share) // do we want to allow this? removeShare(public_key) * remove from device only // import share from device if tkey is not reconstructed, save to device if tkey is reconstructed syncShare(tkey, share_index?) ``` ### ShareTransfer -> **Require Initialized Tkey** ``` // Initialized Tkey device ( not enough share ) request() checkForApproval() -> save as device share on approved ? // Reconstructed Tkey device lookupForRequest() -> return detail of share request approve(encPubX) -> should generate new share and approve ``` ### Security Question -> **Require Initialized Tkey** Assumption only 1 security question is allowed ``` // require initialized Tkey getQuestion() -> return question inputAnswer(answer) // require reconstructed Tkey setQuestionAnswer(question, answer) deleteQuestion() getAnswer() -> return answer // do we want to allow this? ``` ### PrivateKey Module -> **Required Reconstructed Tkey** ``` addPrivateKey() deletePrivateKey() getAllPrivateKeys() ``` ### SeedPhrase Module -> **Required Reconstructed Tkey** ``` addSeedPhrase() deleteSeedPhrase() getAllSeedPhrases() ``` --- Existing state // ts tkey.modules.webstorage.importShare() // rust thresholdkey.input_share_from_security_questions("blublu".to_string(), &curve_n); thresholdkey.request_new_share("user_agent".to_string(), vec![], &curve_n); // ios securityQuestions.generate_share(thresholkey, question, answer); shareTransfer.approve_request(thresholdKey, "123123"); --- Assume that rust is the way to do it // ts ?? thresholdkey.inputShareFromSecurityQuestions() thresholdkey.requestNewShareFromShareTranfer() RPC thresholdkey.request({ id: 1234, rquest: "shareTransfer_inputShareFromSecurityQuestions", params: [123, "!@#!@#"] }) // rust ob // iOS thresholdkey.inputShareFromSecurityQuestions() thresholdkey.requestNewShareFromShareTranfer()