Secret Network Leadership for Monero Community Fund Grant #196
Description
Proposal: Secret Network Leadership for Monero Community Fund Grant
Request: Secret Network leadership support for a Monero Community Fund application to build x/tss—a threshold signature module enabling smart contracts to control external private keys.
What We Need: Official backing and technical coordination. Monero funds the development. Secret gets a general-purpose primitive.
The Pitch
Monero has $3B+ in market cap and zero trustless bridge options. We can solve this by building x/tss—but x/tss isn't just a bridge. It's a primitive that lets any smart contract programmatically sign transactions on any external chain.
Monero pays for the module. Secret gets programmable custody infrastructure.
x/tss: The Primitive
Four functions callable from any CosmWasm contract:
| Function | Description |
|---|---|
DKG() |
Distributed key generation. Returns public key (BTC address, XMR address, ETH EOA, etc.) |
Sign(payload) |
Request threshold signature. Validators contribute shares via vote extensions. Signature returned via sudo callback. |
Reshare() |
Rotate shares, preserve public key. Old shares become useless. External addresses unchanged. |
Delete() |
Securely destroy key. |
The contract defines policy. Validators sign but cannot see the rules.
Why Only Secret
TEE + TSS + Confidential Contracts creates unique security properties:
- Threshold — No single party holds the key
- TEE isolation — Shares can't be extracted even from compromised machines
- Hidden policy — Validators don't know the threshold (FROST shares don't reveal polynomial degree)
- Proactive reshare — Cron-triggered rotation resets attacker progress
An attacker can't even estimate corruption costs because parameters are invisible.
Monero-Specific Work
hash_to_ec — Monero's hash-to-curve for key image generation. Port to Go.
Threshold Key Images — Each validator computes K_i = x_i * H_p(P), aggregate to K = x * H_p(P). Valid on Monero, prevents double-spend.
FCMP++ Compatibility — Ensure signing works with Monero's upcoming Full Chain Membership Proofs (Curve Trees over Selene/Helios cycles).
Solving Monero forces solving the general problems: vote extension aggregation, async callbacks, reshare-with-stable-pubkey, validator set changes.
Security Comparison
| Solution | Trust Model | Policy Layer |
|---|---|---|
| Centralized bridge | Trust company | Fixed |
| Multisig | Trust signers | Fixed |
| MPC bridge (Thorchain) | Trust validators | Protocol-hardcoded |
| x/tss on Secret | Threshold + TEE + hidden policy | Arbitrary per-contract |
For non-IBC chains (BTC, XMR), this is the strongest possible design.
What We're Asking
- Official backing — Statement of support for Monero grant application
- Technical coordination — Architecture review, merge commitment if standards met
- Co-marketing — Joint announcement on approval
Use Cases Enabled
Smart contract wallets with cross-chain control. DAO treasuries spanning multiple chains. Bridges with arbitrary policy logic. Recovery mechanisms in contract code. Programmable escrow. Atomic swaps without online requirement. Dead Man switch.
Future Proofing Secret
CoFHE coordination in a smart contract. Arbitrary MPC calculations for security beyond TEE.
Secret is a TEE, FHE, MPC, ZK chain??
Timeline
| Phase | Duration |
|---|---|
| Monero grant application | 1 month |
| x/tss core (DKG, Sign, Reshare, Delete) | 2 months |
| Monero primitives (hash_to_ec, key images) | 1 month |
| Bridge contract + testnet | 2 months |
Team
Braydn (zenopie)
- Built working x/tss prototype with vote extension integration
- Secret Network validator
- github.com/zenopie/mpc-wasm-chain
- Earth Network Founder