Threshold Signatures are a ‘Significant Milestone’ in Bitcoin Security

Researchers from the City University of NY, Princeton University and Stanford University, released a paper, introducing the first threshold signature scheme compatible with Bitcoin's ECDSA signatures.
Researchers from the City University of NY, Princeton University and Stanford University, released a paper, introducing the first threshold signature scheme compatible with Bitcoin's ECDSA signatures.

A group of six researchers from the City University of New York, Princeton University and Stanford University, released a paper on March 8, introducing the first threshold signature scheme compatible with Bitcoin's ECDSA signatures.

Qualified as "stealth multi-signature," threshold signature is said to become a standard for Bitcoin wallet security and holds the promise of overcoming the limits of multi-signature wallets. 

The said threshold signature scheme allows users to split signing control between a certain number of participants who are all granted a share of the private signing key.

The paper reads:

"Instead [of using multi-signature] we observe that joint control can be accomplished using threshold signatures. In a threshold signature scheme, the ability to construct a signature is distributed among n participants, or players, each of whom receives a share of the private signing key."

A key property of threshold signatures is that the private key need not ever be reconstructed, it further notes. Even after repeated signing, nobody learns any information about the private key that would allow them to produce signatures without a threshold sized group.

To jumpstart the process of bringing the scheme to use, the group built a prototype implementation of a two-factor secure wallet by modifying the popular Multibit wallet program and an Android app to go with it.

The implementation uses a QR code displayed on one device and captured via the camera of the other in order to securely pair and share key material.

According to the researchers, the signature protocol can be completed in less than 15 seconds.

This demo video shows the scheme in action:

Advantages over multi-sig

Multi-signature transactions, which require multiple designated participants to sign a transaction before it will be considered valid, offer one clear benefit over using threshold signatures, note the researchers. Unlike threshold signatures, multi-sig transactions can be signed independently by each participant in a non-interactive manner.

However, multi-sig transactions suffer significant drawbacks, as they have become subject to increased transaction fees, and that they can harm the anonymity of individual users. Because the number of keys has a hard-coded limit, multi-sig transactions require an organization's access control policies to be made public.

Multi-sig addresses are thus identifiable and break confidentiality of transactions while most of companies would rather keep their books private.

Because threshold-signed transactions are indistinguishable from regular transactions, they do not leak the access-control policy of an organization as it is encoded in the shares, not the address.

According to the researchers, threshold signatures are a significant milestone for Bitcoin security as it provides the industry with the missing properties that current "join-controlled" wallets are offering.

Considering the increasing number of hacks, thefts and losses, better security is what the industry needs at this point to reach mainstream adoption, they argue.

"The availability of threshold wallets may finally make good on Bitcoin’s promise to bring various benefits over traditional payments to consumers and businesses.

Additionally, better security will indirectly lead to improved privacy and lower service fees and arguably pave the way for mainstream adoption of cryptocurrencies."

The group released the code of their two-factor implementation on Github, and welcomes the community involvement "to bring [the] prototype implementation to production quality."

They further stated that they were currently in discussions with a prominent bitcoin wallet software to integrate their implementation of two-factor security. 


Did you enjoy this article? You may also be interested in reading these ones: