Inspiration

Cybersecurity is at the forefront of many Web3 CEOs' minds as the need to secure their businesses, and their investors' and users' assets, grows.

The problem scope is massive: more than $500 million was stolen from only 4 protocols in December 2021 due to a compromised secret key issue. Cross-chain bridges remain a major target for hackers, with 3 bridges breached this month (October 2022) and nearly $600 million stolen.

GnosisSafe and other multisig solutions increase complexity and execution costs while still lacking corporate asset management features.

The current private key administration experience is absolutely off:

  • Access management is a complex and unaddressed issue for many Web3 projects.
  • Automation of execution requires disclosure of private keys inside a semi-trusted environment, resulting in weak security.
  • Access control on smart contracts is limited by on-chain data and brings additional complexity and execution costs.

What it does

TOOKEY is an asset and access management protocol that intends to transform the enterprise private key management paradigm across Web3, DeFi, and Collectible (NFT) platforms.

Tookey identifies threats of private key compromise and fraudulent transaction pushing, letting developers integrate and deploy distributed private key management solutions quickly.

This is now possible thanks to Threshold Signature Schemes (TSS). TSS allows several parties to jointly sign transactions under a single public key.

Tookey's pluggable core components are the TSS participation library and the Key Service API. These components enable the development of third-party applications such as DeFi protocol maintenance tools, end-user wallets, CEX depositories, escrow services, and so on.

How we built it

We believe the issue comes down to three aspects:

  • First! Proper security against compromise of the private key severely restricts projects and renders numerous business operations unfeasible.
  • Second! Standard approaches usually provide a low level of security. At their own risk, most projects distribute keys to high-ranking managers for sole control, which can lead to loss of funds or private key compromise.
  • Third! Multisig is a terrific approach to boost security, but the complexity of gathering those signatures and the algorithms for interacting with multisig keys cause challenges and limitations that most projects and users cannot tolerate.

In our opinion, three characteristics must be included in a management solution:

  • Allow third-party access to the wallet (partners, staff, and even servers), but explicitly limit the potential modes of engagement.
  • Be compatible with various execution contexts and not be firmly bound to a certain blockchain or wallet.
  • Be non-custodial; the risk of losing control as a result of an unethical service provider is too great.

We solved the problem by meeting all three requirements. Keys can now be exchanged with Tookey and are no longer secret, but remain secure and protected. By making private keys divisible, sharable, and pluggable, we reframed the concept of private key access and security, and also ensured that a single key can be utilized in multiple scenarios.

Challenges we ran into

The team encountered various challenges while working on this project, including the requirement that the MVP fulfill all existing asset management and protection criteria, be simple to implement in any given protocol, and be cost-effective.

The technology is already there; the major problem for the Tookey team is to create and frame a new-era Web3 cyber security solution within a limited budget. By connecting more protocols, we will be able to adapt Tookey to a wider variety of demands while mastering functionality and introducing new out-of-the-box capabilities for enterprise clients such as DAO and escrow setup administration.

The fundamental challenge remains maintaining a reliable and decentralized system that developers may deploy in any given protocol or execution context. Owing to limited resources, the development of ECDSA and EdDSA signature types and Hardhat plugin integrations may take longer due to interoperability concerns.

Also, we anticipate that there may be various challenges with user flows, glitches, and so forth during the early stages of development, but we are prepared for this. Such events will help us to identify system flaws and design and supply amazing solutions for the web3 sector.

Accomplishments that we're proud of

The Tookey team is committed to building technologies that will allow protocol owners and CTOs to sleep peacefully at night without fear of losing protocol funds overnight, taking decentralized enterprise security solutions to the next level of execution by minimizing these risks.

The Tookey protocol is being built on top of threshold signature (TSS) technology. Why not begin with multisig? TSS relies on off-chain cryptography, whereas multisig occurs on-chain and requires the network to provide a means of supporting it. The main difference is that multisig is blockchain-specific: it must be reimplemented for each blockchain and is not always supported. TSS, on the other hand, is based on pure cryptography, hence it is always supported.

TSS may also be utilized naturally in a blockchain by updating a blockchain client to generate keys and signatures using TSS. In reality, TSS technology allows us to replace any private key-related instructions with distributed computations. Because each participant only holds a piece of the private key, there is no longer a single point of failure.

Furthermore, distributed key generation may be done in such a manner that alternative access topologies can be allowed: the conventional "t out of n" design can withstand up to "t" random failures in private key-related procedures without compromising security.

The threshold signature security mechanism, which Tookey incorporates within the protocol, has been battle-tested and is easily connectable to any given protocol, providing:

  • Flexibility in operations
  • Enhanced Security
  • Reduced Transaction Size (Lower Cost)
  • Fund Access Regulation for Simple Key-Share Refresh
  • Programmable participants and transaction filters

What we learned

By reframing the problem, we found a fresh approach to private key management and asset protection methods, determined weak spots, and new execution scenarios.

Furthermore, the team discovered ways to optimize private key access situations, improve company asset management, and enormously scale human coordination for web3 entrepreneurs working together to construct next-generation dApps. That is why we chose to contribute to Chainlink and benefit from your expert team's assistance in mastering the product and execution situations, as well as increasing web3 technology acceptance.

What's next for Tookey

The platform seeks to become a cutting-edge business and personal security solution provider in the emerging Web3 world by projecting important expertise and knowledge in DeFi product development into cyber security.

Integrations in new DeFi and Web3 protocols are in the pipeline, and the results will help us build credibility and important collaborations with promising initiatives while making distributed private key solutions a part of a new and secure Web3 future.

Project Milestones:

Milestone 1 - Chainlink Network integration into Tookey Signer (Signer - mobile application for generating a distributed key and generating a signature)

Milestone 2 - Creation of a library for developers that enables the use of Tookey in project management. (Chainlink state feed integration to authorize actions based on BC data)

Future milestones & deliverables:

  • API for programmable filters
  • Programmable Filter Editor
  • Authorization by mail
  • Authorization 2FA Google
  • Authorization by SMS
  • Authorization with face recognition
  • Metamask API adapter
  • WalletConnect v2
  • Infrastructure and tool development for escrow agents.
  • Tokenomics creation and introduction of the “use to earn”.
