Hierarchical Threshold Signature Scheme — An Approach to Distinguish Signers in Threshold Signature Scheme | by Coinbase | Mar, 2022
This report updates on what AMIS, Coinbase Crypto Community Fund grant recipient, has been working on over the first part of their year-long Crypto development grant. This specifically covers their work on hierarchical threshold signature.
AMIS is a financial technology company creating bonds between traditional and decentralized worlds. We provide security and accessibility for blockchains as well as for cryptocurrencies. With us, our customers can manage blockchain technology with ease and confidence.
Distributed computing in computer science focuses on achieving the common purpose by a system having separate components, which are connecting, interacting, and conveying messages to each other. Multi-Party Computation (abbrev. MPC) makes sure the desired tasks are executed securely in a distributed system to prevent malicious entities. Many malicious entities steal the inputs of all components in the system or induce to deviate the correct results for their own purposes. Therefore, any secure protocols of MPC require the following two properties:
- Privacy: Each party should not learn anything more than its prescribed output.
- Correctness: Each party is guaranteed the correct output.
In the world of blockchain, the possession of private keys is the control of your assets. How do you protect your private key? A natural answer is that you entrust professional custodial service to manage private keys. However, it is easy to become the target of hackers. On the other hand, if users hold private keys, it is very likely to be stolen by adversaries due to weak awareness of information security, or some inappropriate operations.
Inspired by the practice of maintaining treasure maps, a naive idea is to divide the map into many parts and hide them in the distributed places. In this setting, the cost of attacks will increase owing to multiple spots. The next upcoming question is how to safely take these parts out for use. Since we are now in a distributed system, MPC becomes a natural option to solve the issue. This is because each component can safely and correctly execute the computational requirements guaranteed by MPC.
Threshold signature scheme (abbrev. TSS), a special application of MPC technology, dramatically decreases the risk of private key management. Most importantly, TSS does not save the private key, which is *split* into many parts called “share”, on the server and provides risk control as well as separation of duties. Meanwhile, compared to multi-signature, TSS provides the native multi-signature capability for those blockchains that lack shorter signatures and better privacy. These significant advantages make TSS suitable for implementing hot wallets without revealing private keys and providing the service in real-time.
Compared to TSS, shares in this Hierarchical Threshold Signature Scheme (abbrev. HTSS) are allowed to have different ranks. The main merit of this scheme is vertical access control such that it has “partial accountability”. Although TSS achieves joint control to disperse risk among the participants and avoid single points of failure, the importance of all shares is equal. It is impossible to distinguish which share gets involved in an unexpected signature which is because TSS only supports horizontal access control. For example, an important contract not only requires enough signatures but also needs to be signed by a manager. In the HTSS framework, assigning different ranks of each share induces that any valid signature generated includes the share of the manager. We call this library Alice. The aim of Alice is to provide an open and audited TSS Library. At the same time, we will also organize some useful cryptography libraries independently in the developing process. In addition, AMIS will continuously keep updating this library and fixing potential security issues.
By means of sharing articles in the medium and opening research papers and libraries continuously, AMIS is motivated to a progressively higher capability. More precisely, we have:
Except for academic research, AMIS also developed the following products:
In March, we will implement a new protocol of ECDSA: UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts including Key Generation, Key-Refresh & AuxiliaryInformation, Three-Round Sign, and Six-Round Sign. The part that hasn’t been integrated yet is the echo protocol which provides a secure broadcast environment for each node but adds one extra round of communication.
For EdDSA, we also adopt the well-known protocol: FROST, which supports the elliptic curves: ed25519 and sr25519. However, this part has not been integrated into the master branch of Alice. Of course, the above libraries also support Hierarchical secret sharing. We hope to complete all the above-mentioned tasks in May and prepare to audit in June. Finally, I am very grateful for the support of Coinbase’s grant, so that we can continue to accomplish this project.