Research the extension to threshold signing
fjarri opened this issue · 3 comments
The paper itself only describes n-of-n signing. We want at least t-of-n, and ideally a compartmentalized model (t-of-n or t'-of-k or something). The paper says (Section 1.2.8):

> In this work we mainly focus on n-out-of-n multi-party signing, and do not explicitly consider the more general t-out-of-n threshold signing for t < n. Such a protocol can be derived almost immediately from our protocol herein for the online variant using Shamir secret-sharing, with relevant changes to the protocol's components, similarly to Gennaro and Goldfeder [32].
([32] is "Fast Multiparty Threshold ECDSA with Fast Trustless Setup", https://dl.acm.org/doi/10.1145/3243734.3243859)
We would want that extension to be as independent from the main scheme as possible; ideally, it should be decoupled enough to constitute its own crate.
Possible implementations to use as an example:
- https://github.com/entropyxyz/tofn (implements GG20)
- https://github.com/bnb-chain/tss-lib
`ThresholdKeyShare` and `make_threshold_key_shares` added in commit 3da84d6. This allows one to make threshold key shares in a centralized way and use them in the existing presigning and signing protocols.
#96 adds an implementation of T. M. Wong, C. Wang, J. M. Wing "Verifiable Secret Redistribution for Archive Systems" (https://www.cs.cmu.edu/~wing/publications/Wong-Winga02.pdf). It's a pretty old one, and there are some new developments: https://eprint.iacr.org/2024/031. We need to figure out how to actually implement it.