Chapter 7iv: Threshold Signature Schemes

Question 1

• Identified challenges with classical public key cryptography
• What if the Ksec key gets compromised?
• What if the node that stores Ksec is not available or gets destroyed?
• What if we need more than one entity to sign, think “distributed system”?

Answer 1

• Threshold signature schemes solve above challenges
• Attacker needs to compromise t nodes to compromise the Ksec
• If at least t nodes remain functional, a signature can be computed – availability
• Each node can decide if it wants to participate in the signing process

Question 2

* Variety of interesting use-cases: Threshold Digital Signatures

Answer 2

• Cryptographic wallets – both custodial and private wallets
• Public key infrastructure (PKI), e.g. to protect the private key of a certificate authority (CA)
• Byzantine Fault Tolerant (BFT) protocols

Question 3

Threshold Signature Schemes Mode of Operation

Three main steps. Explain

Answer 3

Key generation, Signing, Verification

Question 4

TSS

Key Generation – Trusted Setup – Shamir’s Secret Sharing [4]

Answer 4

Question 5

Answer 5

Question 6

Initialization:
Secret Sharing:
Signing:

Answer 6

Question 7

Start of Signing: …
Signing: …
Interpolation: …

Answer 7

• Client sends a message m to all nodes
• Nodes participate in signature protocol, obtained partial signatures are sent to aggregator/client
• The aggregator/client combines individual partial signatures once it receives t to obtain full signa- ture