entropyxyz/synedrion

Research the extension to threshold signing

fjarri opened this issue · 3 comments

The paper itself only describes n-of-n signing. We want at least t-of-n, and ideally a compartmentalized model (t-of-n or t' of k or something). The paper says (Section 1.2.8):

In this work we mainly focus on n-out-of-n multi-party signing, and do not explicitly consider the more general t-out-of-n threshold signing for t < n. Such a protocol can be derived almost immediately from our protocol herein for the online variant using Shamir secret-sharing, with relevant changes to the protocol’s components, similarly to Gennaro and Goldfeder [32].

([32] is "Fast Multiparty Threshold ECDSA with Fast Trustless Setup", https://dl.acm.org/doi/10.1145/3243734.3243859)

We would want that extension to be as independent from the main scheme as possible; ideally, it should be decoupled enough to constitute its own crate.

Possible implementations to use as an example:

fjarri commented

ThresholdKeyShare and make_threshold_key_shares added in commit 3da84d6. This allows one to make threshold key shares in a centralized way and use them in the existing presigning and signing protocols.
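The Shamir-based derivation the paper sketches, and the centralized key-share creation described in the comment above, come down to two steps: a dealer embeds the secret as the constant term of a degree t-1 polynomial and hands party i the point (i, f(i)); later, any t parties that want to sign multiply their shares by Lagrange coefficients, which turns them into additive shares that an n-of-n presigning/signing protocol can consume unchanged. The following is an added illustration of that conversion, not synedrion's code: it uses the Mersenne prime 2^61-1 as a stand-in for the curve's scalar field so it runs without dependencies, takes the blinding coefficients as an argument instead of drawing them from a CSPRNG, and the function names (deal_shares, to_additive, reconstruct) are this example's own.

```rust
// Added example (not synedrion's code): a toy Shamir t-of-n dealer and the
// Lagrange-coefficient conversion that turns the shares held by a signing
// subset into additive shares usable by an n-of-n signing protocol.
//
// Assumption: arithmetic is done modulo the Mersenne prime 2^61 - 1 so the
// example has no dependencies. A real implementation works in the scalar
// field of the signing curve and draws polynomial coefficients from a CSPRNG.
const P: u128 = (1u128 << 61) - 1;

fn add(a: u128, b: u128) -> u128 {
    (a % P + b % P) % P
}

fn sub(a: u128, b: u128) -> u128 {
    (a % P + P - b % P) % P
}

fn mul(a: u128, b: u128) -> u128 {
    // Both reduced operands are < 2^61, so the product fits in u128.
    (a % P) * (b % P) % P
}

fn pow(mut base: u128, mut exp: u128) -> u128 {
    let mut acc = 1u128;
    base %= P;
    while exp > 0 {
        if exp & 1 == 1 {
            acc = mul(acc, base);
        }
        base = mul(base, base);
        exp >>= 1;
    }
    acc
}

/// Multiplicative inverse via Fermat's little theorem (P is prime).
fn inv(a: u128) -> u128 {
    pow(a, P - 2)
}

/// Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[k]*x^k with Horner's rule.
fn eval_poly(coeffs: &[u128], x: u128) -> u128 {
    coeffs.iter().rev().fold(0u128, |acc, &c| add(mul(acc, x), c))
}

/// Centralized dealer: `secret` is the constant term of a polynomial of
/// degree t - 1 (t = 1 + blinding.len()); party i (1-indexed) receives the
/// point (i, f(i)). Any t of the n shares reconstruct the secret.
fn deal_shares(secret: u128, blinding: &[u128], n: usize) -> Vec<(u128, u128)> {
    let mut coeffs = vec![secret % P];
    coeffs.extend_from_slice(blinding);
    (1..=n as u128).map(|x| (x, eval_poly(&coeffs, x))).collect()
}

/// Lagrange basis polynomial of the i-th point in `xs`, evaluated at 0:
/// prod_{j != i} x_j / (x_j - x_i).
fn lagrange_at_zero(xs: &[u128], i: usize) -> u128 {
    let (mut num, mut den) = (1u128, 1u128);
    for (j, &xj) in xs.iter().enumerate() {
        if j != i {
            num = mul(num, xj);
            den = mul(den, sub(xj, xs[i]));
        }
    }
    mul(num, inv(den))
}

/// Each member of a signing subset of at least t parties scales its Shamir
/// share by its Lagrange coefficient. The results are additive shares of the
/// secret (they sum to it), which is exactly what an n-of-n presigning or
/// signing protocol expects from its participants.
fn to_additive(subset: &[(u128, u128)]) -> Vec<u128> {
    let xs: Vec<u128> = subset.iter().map(|&(x, _)| x).collect();
    subset
        .iter()
        .enumerate()
        .map(|(i, &(_, y))| mul(y, lagrange_at_zero(&xs, i)))
        .collect()
}

/// Sum of the additive shares; equals the dealt secret only when the subset
/// holds at least t distinct, honest shares.
fn reconstruct(subset: &[(u128, u128)]) -> u128 {
    to_additive(subset).iter().fold(0u128, |acc, &s| add(acc, s))
}

fn main() {
    let secret = 123_456_789u128;
    // Constructed blinding coefficients: t = 3, n = 5.
    let shares = deal_shares(secret, &[42, 7], 5);
    let signers = &shares[1..4];
    println!("additive shares for parties 2,3,4: {:?}", to_additive(signers));
    println!("reconstructed: {}", reconstruct(signers));
}
```

The point worth noticing for integration is that `to_additive` is the only piece the signing protocol sees: the Lagrange coefficients depend on which parties show up, so a party's additive share is recomputed per signing subset, while its Shamir share stays fixed. That is what lets the threshold layer sit beside, rather than inside, the n-of-n protocol.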

#96 adds an implementation of T. M. Wong, C. Wang, J. M. Wing "Verifiable Secret Redistribution for Archive Systems" (https://www.cs.cmu.edu/~wing/publications/Wong-Winga02.pdf). It's a pretty old one, and there are some new developments: https://eprint.iacr.org/2024/031. We need to figure out how to actually implement it.

The full integration was done in #116. There are still specific issues to be resolved, but in general it works, and this issue can be closed.