konar est. 2026
CASE STUDY · 03
CROSS-CHAIN PROTOCOL  ·  2023 — 2024  ·  HEXMOUNT  ·  PROTOCOL OWNER

I built a cross-chain protocol with threshold signatures.

Crossflow is a decentralised cross-chain loan protocol on a custom Cosmos SDK / CometBFT L1. Borrowers lock collateral on Bitcoin, EVM, or Solana; the chain issues loans without a custodial multisig. The signing key never exists in one place. Threshold signatures (Gennaro-Goldfeder 2018 MPC-ECDSA) let a quorum of attesters co-sign outbound transactions without any single node holding the full secret.

STATUS
testnet · pre-launch
NETWORK
CFN_testnet-1 · uCFN
CHAINS
3
bitcoin · evm · solana
SDK MODULES
7
loan · tss · oracle · chain · lock · asset · reward
TSS CURVES
2
secp256k1 · ed25519
MPC PRIMITIVES
4
feldman vss · paillier · schnorr/dln zkp · mta
DAEMONS
2
attester · observer
ORACLE
IBC
bandchain price feeds

Most cross-chain bridges are trusted multisigs: a small set of operators hold keys, sign withdrawals, and collect $600M into one target every 18 months. The fix is not better key management. It is never assembling the key at all. Threshold signatures let a quorum of validators jointly produce a valid ECDSA or EdDSA signature through a multi-party computation ceremony, so the private key provably never exists in one place. Crossflow ships that primitive on a purpose-built Cosmos SDK chain: borrow against cross-chain collateral with no custodian and no bridge operator to bribe. 

  Cosmos SDK / CometBFT L1  (CFN_testnet-1 · uCFN)
  ├── x/loan      loan lifecycle · collateral accounting
  ├── x/tss       keygen · resharing · signing coordination
  ├── x/lock      per-chain lock records
  ├── x/asset     supported asset registry
  ├── x/chain     external chain config
  ├── x/oracle    IBC price feed consumer
  └── x/reward    attester incentives
         │
         ├──▶ observer daemon  [ go ]
         │      monitors Bitcoin / EVM / Solana for lock events
         │      posts observation votes to x/loan on L1
         │
         └──▶ attester daemon  [ go ]
                receives sign requests from L1
                executes Gennaro-Goldfeder MPC-ECDSA ceremony
                ├── secp256k1  →  BTC (HTLC scripts + custom sighash)
                │               EVM (loan · repay · supply txs)
                └── ed25519    →  Solana
                         │
                         ▼
              outbound signed transaction
              broadcast to target chain

  BandChain  ──[ IBC ]──▶  x/oracle  →  collateral price feeds
01  ·  DECISION
Gennaro-Goldfeder over a simple multisig

A t-of-n multisig requires each signer to hold a complete key share that can be extracted under duress. GG18 MPC-ECDSA never produces a full key. Signers run a distributed ceremony, so no single compromise breaks the scheme. The security baseline was established quickly by adapting the Kudelski-audited tss-lib rather than implementing the paper from scratch.

02  ·  DECISION
Cosmos SDK over an EVM L2

EVM L2s inherit Ethereum's account model and consensus, which is useful for DeFi composability but wrong for a chain that needs native module governance and IBC. Cosmos SDK lets x/tss and x/loan live as first-class state machines with deterministic execution and direct IBC transport to BandChain, without wrapping logic in Solidity contracts.

03  ·  DECISION
Attester and observer as separate daemons

Signing (attester) and chain monitoring (observer) have completely different failure modes. Separating them means a stalled observer scan doesn't block an in-flight signing ceremony, and each daemon can be upgraded, restarted, or replicated independently without touching the other.

04  ·  DECISION
HTLC scripts for Bitcoin atomicity

Bitcoin's UTXO model has no native smart contracts. HTLCs (hash time-locked contracts) encode the lock condition directly in the script with a custom sighash, giving atomic cross-chain settlement guarantees without a bridge operator. If the secret is not revealed within the timelock, funds return to the sender.

05  ·  DECISION
BandChain over a centralised price oracle

A centralised price feed is a single point of manipulation. One compromised endpoint can trigger mass liquidations. BandChain is a decentralised oracle chain with its own validator set. Consuming price data over IBC means price updates arrive as verifiable IBC packets, not as trusted HTTP calls.

06  ·  DECISION
secp256k1 + ed25519 dual-curve support

Bitcoin and EVM chains sign over secp256k1; Solana signs over ed25519. One attester fleet handles both curves from a single keygen ceremony per curve. Two separate fleets would double the operational surface: upgrades, monitoring, and key ceremonies run twice for no security benefit.

MODULE / SERVICE STACK ROLE
Cosmos SDK L1 chain go · cosmos sdk · cometbft sole engineer
x/tss module go · gennaro-goldfeder tss-lib sole engineer
x/loan module go · cosmos sdk sole engineer
attester daemon go · secp256k1 · ed25519 · htlc sole engineer
observer daemon go · bitcoin rpc · evm rpc · solana rpc sole engineer
x/oracle + BandChain IBC go · ibc · bandchain sole engineer
frontend react · vite · cosmjs · keplr · wagmi v2 · sats-connect · bitcoinjs-lib sole engineer

Crossflow reached testnet (CFN_testnet-1) with a working keygen, resharing, and per-transaction signing ceremony across Bitcoin, EVM, and Solana. The engineering demonstrates implementing Gennaro-Goldfeder MPC-ECDSA (Feldman VSS, Paillier encryption, Schnorr/DLN zero-knowledge proofs, MtA sub-protocol) on a custom L1 chain, integrating HTLC scripts on Bitcoin for atomic settlement, and operating a decentralised oracle over IBC. That is the primitive stack that bridge security and institutional DeFi teams spend years hiring for. Built as one engineer at Hexmount.

NEXT CASE STUDY 04   Ley Abierta — 190 years of Spanish law as Git →