Treasury withdrawal security - verifying governance action authors.

As Cardano governance enters a new phase of on-chain action, Intersect is preparing to facilitate the submission of a significant number of treasury withdrawal proposals. These actions, made on behalf of community-approved initiatives, require a robust and transparent process to maintain trust, particularly as volumes increase and scrutiny intensifies.

To support the integrity of these governance actions, Intersect is taking a proactive step: publishing the verification key that will be used to sign all governance metadata we author. This move is not just a technical formality; it is a critical safeguard designed to prevent misuse and ensure accountability in a decentralized system.

Without verifiable authorship of governance metadata, there is a risk of exploitation. For example, a bad actor could duplicate the metadata from a legitimate treasury withdrawal, change only the recipient address, and submit it as if it were authentic. In high-volume voting environments, such an attack could go unnoticed.

That is why we are adopting the metadata signing standard defined in CIP-100 and CIP-108, which includes a cryptographic signature by the author. In this blog post, we explain how this signature works, how voters can verify it, and why it is essential for the continued security and credibility of Cardano’s evolving governance process.

A Potential Exploit Scenario

One plausible attack involves a malicious actor duplicating the metadata of a legitimate treasury withdrawal governance action, changing only the destination address.

On-chain, such governance actions may look legitimate at first glance, as only one address has changed. This could be easily missed in high-volume voting environments.

This sort of attack has been discussed in the community (see CIPs Issue #970 from Adam Dean).

Our Role as Administrator: Signing What We Submit

To counter this, the CIP-100/108 governance metadata standards include a safeguard: the author’s witness signature.

For all future governance actions submitted by Intersect, all metadata will be correctly signed and verified.

Our processes cover:

  • A governance metadata body containing details of all critical on-chain effects for that action; for treasury withdrawals, that is the recipient address and the requested ada amount.
  • A signature generated from our secret key, covering this body content.
  • A reference to our public verification key, so that voters and tooling can independently verify the authentic authorship of the metadata.

This makes our authorship verifiable whilst ensuring that any tampering is detectable.

Disclosing Our Verification Key

To support transparent verification, we are publicly disclosing the verification key we will use to sign the author property:

Public Key (hex):

05568f86955e65c1a59df5ac1985449b167c3828dccd00b3da9df36a1cf1c743

This is the only key Intersect will use to sign governance metadata. To demonstrate Intersect’s control over this key, we provide the following message and signature.

Message (Text/UTF-8):

This is to verify Intersect's control of this public key 05568f86955e65c1a59df5ac1985449b167c3828dccd00b3da9df36a1cf1c743. The associated secret signing key will be used to sign Intersect authored governance action metadata. These keys can be used to ensure Intersect authorship of governance actions observed on-chain.

Ed25519 Signature (hex):

aea1e9cd4f9fe6178bcf382603284d2c298d575b683ff56135a1a17c6b649be7e24a25bcd61660b08468b49b3f4fcab6ae8a38ffb15acc658997140aee7a1702

To verify this message, there are a few tools available.

If a governance action claims to be authored by this key but lacks a valid signature from this key, it must be treated as highly suspicious.

This key, message, and signature are also present on Intersect’s GitHub at IntersectMBO/governance-actions.

What Voters Can Do

Verifying author signatures is not yet intuitive or seamless for voters across all governance tools.

Good practices could be:

  • Cross-verify the proposal metadata: Confirm that the content described within the metadata matches the proposed on-chain effect.
  • Check the author’s signature: Use tools such as cardano-signer, Ed25519 Online Tool, or Cardano Message Verification to validate the correctness of the author's witness(es).
  • Check the author’s identity: Check the provided witnesses against keys you know or trust, perhaps against the key shared in this blog.

If a governance action’s metadata and on-chain effects are inconsistent or if the signature does not match the expected author key, it most likely indicates a fraudulent attempt.
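The signature and identity checks above, applied to the copied-metadata scenario described earlier, as an added Go example (not Intersect's code or tooling). It shows why both checks are needed: a copy with a changed recipient fails signature verification, while a copy re-signed with another key verifies but does not match the pinned author key. Assumptions: keys, addresses and amounts are constructed; `Body`, `Sign`, `Check` and `Scenarios` are hypothetical names; plain JSON serialization stands in for the canonicalization and hashing that CIP-100 specifies.

```go
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// Body is a simplified, constructed stand-in for a treasury withdrawal body.
type Body struct {
	Recipient string `json:"recipient"`
	Lovelace  uint64 `json:"lovelace"`
}

// Sign returns the hex public key and hex signature over the serialized body.
// Assumption: json.Marshal stands in for CIP-100's canonicalization and hashing.
func Sign(b Body, seed string) (pubHex, sigHex string) {
	priv := ed25519.NewKeyFromSeed([]byte(seed)) // seed must be 32 bytes
	msg, _ := json.Marshal(b)
	pub := priv.Public().(ed25519.PublicKey)
	return hex.EncodeToString(pub), hex.EncodeToString(ed25519.Sign(priv, msg))
}

// Check verifies the witness, then compares its key with the pinned author key.
func Check(b Body, pubHex, sigHex, pinnedHex string) string {
	pub, errKey := hex.DecodeString(pubHex)
	sig, errSig := hex.DecodeString(sigHex)
	msg, _ := json.Marshal(b)
	if errKey != nil || errSig != nil || len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, msg, sig) {
		return "bad-signature" // malformed witness, or body differs from what was signed
	}
	if !strings.EqualFold(pubHex, pinnedHex) { // valid, but not the expected author
		return "untrusted-author"
	}
	return "ok"
}

// Scenarios: genuine document, copy with a changed recipient, copy re-signed.
func Scenarios() [3]string {
	genuine := Body{"addr_constructed_recipient", 1000000}
	pinned, sig := Sign(genuine, strings.Repeat("A", 32)) // constructed author seed
	copied := Body{"addr_constructed_other", genuine.Lovelace}
	otherPub, otherSig := Sign(copied, strings.Repeat("B", 32)) // constructed second seed
	return [3]string{Check(genuine, pinned, sig, pinned),
		Check(copied, pinned, sig, pinned), Check(copied, otherPub, otherSig, pinned)}
}

func main() { fmt.Println(Scenarios()) }
```

The pinned key must come from a source the voter already trusts, never from the metadata document being checked.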

The Role of Tooling

Currently, very few governance tools or explorers reveal the author’s key or signature. The exception is cardano-signer, developed by ATADA Stakepool.

We urge other Cardano tools to add support for voters in validating the correctness and identity of governance metadata authors.

Your voice helps shape the future of Cardano governance. And don’t forget to remain vigilant, and see you on-chain!