In the past several months, AMIS has implemented and opened the libraries ECDSA: CGGMP and EdDSA: FROST. ECDSA is the most popular digital signature in the blockchain world. Compared to ECDSA, the digital signature protocol EdDSA, which is a variant of the Schnorr signature, has better performance and saves recording space due to the aggregator signature.
At present, some blockchain projects, such as Polkadot, Stellar, and Near Protocol, already support EdDSA. In essence, the EdDSA we implemented is actually the Schnorr signature, because the nonce used in the signature is selected at random rather than derived by the deterministic algorithm described in RFC 8032. Since EdDSA and the Schnorr signature use the same verification algorithm, signatures generated by our library FROST can still be used in EdDSA.
Threshold Signature Scheme (TSS)
The goal of these libraries is to manage private keys according to the Threshold Signature Scheme. Briefly, a t-n threshold signature scheme allows t of a total of n parties to collaborate on producing a correct signature without leaking any private information. In addition, this scheme can dynamically manage the entry or exit of parties and revoke lost shares without reconstructing the shared private key.
Use Case: 2–3 Threshold Signature Scheme
We now use an example to demonstrate the concept of a 2–3 threshold signature scheme. Suppose that a user has three machines: a laptop, a cellphone, and a server. In the beginning, after the three machines have established secure connections with each other, they run our library simultaneously. Each of them obtains its own "secret", and all of them obtain a shared signature address. According to our setting (i.e., the 2–3 threshold signature scheme), any two of them in collaboration can generate a correct signature.
Assume that the "secret" held by the user's phone was stolen. Since only one "secret" is missing, there is no way for a thief to generate a valid signature or recover the secret key. In this situation, the user can use the remaining two machines to revoke the signing power of the "secret" on the cellphone and generate a new "secret" to install on a new cellphone.
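The revocation step above can be illustrated with plain Shamir secret sharing. The following is an added example, not code from the AMIS libraries: it uses a trusted dealer and reconstructs the secret only to check the result, which the real threshold protocols never do. The names deal, refresh, combine and Share, the modulus q and the secret value are assumptions made for this sketch.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// q is a constructed demo modulus, the prime 2^127 - 1; real schemes use the curve's group order.
var q = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 127), big.NewInt(1))

type Share struct{ X, Y *big.Int } // one party's point on the sharing line

// deal evaluates f(x) = c0 + c1*x at x = 1..n with a random c1 (threshold 2).
func deal(c0 *big.Int, n int) []Share {
	c1, err := rand.Int(rand.Reader, q)
	if err != nil {
		panic(err)
	}
	out := make([]Share, n)
	for i := range out {
		x := big.NewInt(int64(i + 1))
		y := new(big.Int).Mul(c1, x)
		out[i] = Share{x, y.Add(y, c0).Mod(y, q)}
	}
	return out
}

// refresh adds a fresh sharing of zero to every share: f(0) stays the same,
// but a share from before the refresh no longer lies on the new line.
func refresh(old []Share) []Share {
	zero := deal(big.NewInt(0), len(old))
	out := make([]Share, len(old))
	for i, s := range old {
		y := new(big.Int).Add(s.Y, zero[i].Y)
		out[i] = Share{s.X, y.Mod(y, q)}
	}
	return out
}

// combine interpolates f(0) = (a.Y*b.X - b.Y*a.X) / (b.X - a.X) mod q from two shares.
func combine(a, b Share) *big.Int {
	num := new(big.Int).Mul(a.Y, b.X)
	num.Sub(num, new(big.Int).Mul(b.Y, a.X))
	inv := new(big.Int).ModInverse(new(big.Int).Sub(b.X, a.X), q)
	return num.Mul(num, inv).Mod(num, q)
}

func main() {
	old := deal(big.NewInt(424242), 3) // constructed demo secret
	fresh := refresh(old)
	fmt.Println(combine(fresh[0], fresh[2]), combine(old[1], fresh[0]))
}
```

Any two refreshed shares still yield the original value, while the pre-refresh share of party 2 combined with a refreshed share yields an unrelated number.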
Hierarchical Threshold Signature Scheme
Moreover, our library can assign one of the three machines to be indispensable for each execution (i.e., the Hierarchical Threshold Signature Scheme). In other words, the other two machines are not able to produce any correct signature together. Therefore, additional backups of the special "secret" are needed to prevent its loss. Meanwhile, the scheme keeps the important property that no single machine can generate a correct signature on its own.
Open Source and Auditing
After we opened the libraries, some developers provided helpful suggestions and pointed out some bugs. Our team patched them as soon as possible to improve correctness and security. In addition to developing and opening the libraries, an important goal in applying this grant is to conduct a third-party audit of the completed libraries. After four months of work, signing the contract and preparing for the audit will be done by the end of August. The associated audit documents for these libraries are planned to be published in October.
Future Roadmap
In the future, we will reorganize the BLS signature. The basic structure is now complete. The BLS signature is currently expected to be used in ETH2.0, ETH's layer 2 Arbitrum, and so on. Considering the wide applicability of the BLS signature in the foreseeable future, we will also accelerate its integration into our library.
Additionally, we have a library that supports experimental 2-party BIP32. In the next step, we will rigorously formalize it into our library. The advantage is that the passphrase will be divided into two parts, and no party will know the complete passphrase, reducing the risk of a single point of failure.
Finally, thanks to Coinbase Giving for the grant and for supporting our development. We feel that it is very important that companies like Coinbase continue to support developers for these insightful projects.
FAQ
ECDSA is currently the most popular digital signature algorithm in the blockchain space. EdDSA, which is a variant of the Schnorr signature, offers better performance and saves recording space due to its aggregator signature capabilities.
In a 2-3 scheme, a user might distribute "secrets" across three devices (e.g., laptop, cellphone, and server). Any two devices can collaborate to generate a valid signature. If one device is stolen, the attacker cannot forge signatures, and the user can use the remaining two devices to revoke the stolen share and generate a new one.
AMIS plans to reorganize and accelerate the integration of BLS Signatures, which are expected to be widely used in ETH2.0 and Layer 2 solutions like Arbitrum. Additionally, they will formalize an experimental 2-party BIP32 library to further reduce single points of failure regarding passphrases.