This is Hierarchical Threshold Signature Scheme (HTSS) worked by AMIS. Comparing to Threshold Signature Scheme (TSS), shares in this scheme are allowed to have different ranks.
The main merit of HTSS is vertical access control such that it has "partial accountability”. Although TSS achieves joint control to disperse risk among the participants, the level of all shares are equal. It is impossible to distinguish which share getting involved in an unexpected signature. TSS is not like the multi-signature scheme as the signature is signed by distinct private keys in multi-signature scheme. It is because Shamir’s secret sharing only supports horizontal access control.
For example, an important contract not only requires enough signatures, but also needs to be signed by a manager. Despite the fact that vertical access control can be realized on the application layer and tracked by an audit log. Once a hack happens, we will have no idea about who to blame for. However, in HTSS framework, through assigning different ranks of each share induces that any valid signature generated includes the share of the manager.
HTSS has been developed by Tassa and other researchers many years ago. In our implementation, we setup up this theory on TSS(i.e. just replace Lagrange Interpolation to Birkhoff Interpolation). Meanwhile, our protocol of sign (i.e. GG18 and CCLST20 ) can support two homomorphic encryptions which are Paillier and CL scheme.
Now, Alice supports two parts:
- HTSS(A variant of GG18 and CCLST): ECDSA. This part has been audited.
- 2-party Bip32. WARN: This part has NOT been audited (Preparation).
Although the fist part of Alice has been audited, you should still be careful to use it.
- Using end-to-end encryption to transfer messages between two parties is necessary.
- If any error messages occur during execution Alice, you should stop and restart it. Never restart in the middle flow.
- Important Now, GG18 is insecure, so you should replace Paillier homomorphic encryption into CL homomorphic encryption (i.e. USE CCLST protocol). Our version is the fast version of GG18 (i.e. without range proof). The merit of CL homomorphic encryption does not any range proofs.
If you have more questions, you can connect us directly without any hesitation.