There is a lot happening in the blockchain space, making it increasingly challenging to stay informed. Some aspects are more critical than others, and when it comes to security, certain elements take top priority. While not many changes occur in this field, there are innovative solutions worth being aware of. One such solution is threshold signatures. If you are reading this article, it means you have encountered this term elsewhere and wish to deepen your understanding. If not, let us briefly explain what it entails.
The Threshold Signature Scheme, or TSS, is a cryptographic signature scheme that can establish higher security levels compared to traditional signature schemes. It is gaining popularity among crypto service providers as a means to ensure a secure information flow without interference from external parties, such as hackers and phishers.
So, without further ado, let's delve into this topic.
Feel free to skip directly to the section on Threshold Signatures below if you are familiar with public and private keys.
As we all know, blockchain is based on public key cryptography. To simplify, it involves a pair of two keys: a private key, which you should keep private, and a public key, which you can broadly expose. In essence, it's like having a PO box address and a box key. A similar concept is used in blockchain, where the public key serves as your PO box address, and the private key is the box key. Many people can send mail to this PO box, but only one person can access the contents.
When you want to send someone a message and authenticate that it was sent by you and nobody else, you could stamp it. While this might not be a widely used practice today, it serves as an analogy. In public key cryptography terms, such a stamp is a signature that you should provide with your message. Anyone receiving a message from you can authenticate that it was signed by the owner of the private key corresponding to the public key. Since you publicly claimed that this public key belongs to you, anyone can verify that the message was indeed signed by the real owner of that public key.
So, public cryptography consists of three components:
In the realm of blockchain, it functions as both a database and a network, facilitating the exchange of messages among various entities that update the state of this database. The primary purpose of this database is to store a singular type of data—wallet addresses and their corresponding balances. Blockchain messages are meticulously structured data, more commonly known as transactions. Each transaction serves as a message instructing how to alter the data within the database, and the sole verification required is to confirm the legitimacy of these changes.
As mentioned earlier, the public key serves as a form of public address, and in blockchain terms, this translates to a wallet's address. Depending on the blockchain, public keys may be encoded differently and represented as distinct wallet addresses. However, beneath the surface, it remains fundamentally the same—a form of a "PO box" linked to a corresponding balance.
As previously highlighted, messages within the blockchain, in this context transactions, possess a specific structure. These transactions encompass instructions on how to modify the wallet's balance and include a signature computed with the wallet’s private key. The signature serves as authentication, confirming that all changes were duly authorized by the rightful owner of the wallet's address, a verification process accessible to everyone.
Now, why did we go through all this explanation? To provide you with a solid understanding of what the signature process entails and how threshold signatures integrate into these concepts. Firstly, it's crucial to note that threshold signatures are a component of a broader topic known as Multi-Party Computations (MPC), a term often used interchangeably. Multi-party computation involves parallel computations executed independently by multiple parties, collaborating to calculate a common result. While this result could be diverse, our focus is specifically on the signature within this context. When people discuss MPC and, particularly, threshold signatures, they are essentially referring to distributed signature calculations.
As mentioned earlier, the private key is analogous to the key in the PO box analogy. In the context of the threshold signature, the private key concept involves splitting the key into parts (referred to as key shards or key shares). Only when these parts are combined can the PO box be opened. Importantly, in the Threshold Signature Scheme, these key shards are never actually merged together; they consistently remain private to their holders at all times, a point we will delve into later. Similarly, when sending a message, multiple key share holders calculate their shard (or share) of the stamp, and these shards are then summed up to reveal the actual message stamp. We hope the analogy is now clearer.
In the Threshold Signature Scheme, the wallet address remains the same and functions exactly like a typical blockchain wallet address. The alteration occurs in the private key and signature process. The threshold signature scheme is a process where multiple parties initially generate private key shards, similar to how private keys are conventionally generated. These private key shards, akin to public key cryptography, always remain private and known only to their holders. Once the key shards are ready, the group of potential wallet members can determine the resulting public key and, essentially, the blockchain address. It's a straightforward process—each private key shard owner reveals their corresponding public key shard, these shards are summed up, and then encoded into the address. Consequently, what is known as a private key in traditional public key cryptography remains unknown to anyone, including the wallet shard owners.
The transaction signature is computed similarly—each private key shard holder calculates their part of the signature, and then these computed parts are summed up to reveal the message signature. A resulting signature produced via the threshold signature scheme will verify that the owners of the private key shards have collectively approved a transaction, as they were aware of what they were signing.
The term "Threshold signature" stems from the fact that the setup can be arranged so that only a portion of these private key shards is required to sign a transaction. This is referred to as a wallet schema, and here's where the similarity between multisig and Threshold signature wallets emerges. The wallet schema (or structure) is defined during the initial step of computing the group wallet address and cannot be adjusted afterward. Often, you might hear people saying "2-of-3 multisig" or "3-of-5 wallet," indicating a total of 3 participants with a threshold of 2 approvals required for the signature to be computed. In the latter case, this means a total of 5 participants with a minimum of 3 approvals required.
Wallets created through the threshold signature schema share many similarities with Bitcoin multisigs in several key aspects. Much like Bitcoin multisigs, where each party privately holds their own private key, the threshold signature schema involves each party generating and safeguarding their private key shard privately throughout. The actual address is only revealed at the end and cannot be ascertained until the very final step of wallet initialization. Additionally, akin to Bitcoin multisigs, the generation of threshold signature wallets occurs off-chain, irrespective of the network for the wallet address.
These similarities provide several advantages. Firstly, the transaction fees are significantly lower in the case of threshold signature wallets. This is attributed to the fact that, unlike Bitcoin multisig wallets where each Unspent Transaction Output (UTXO) requires multiple public keys and signatures, Bitcoin wallets constructed using the threshold signature schema will contain only one public key and a single signature per UTXO. Consequently, this dramatically reduces the transaction size, resulting in lower transaction fees. To provide a scale of potential savings when using threshold signature wallets for Bitcoin, let's consider a scenario where Bitcoin network fees escalate due to network congestion, causing a single user transaction to soar to $10. While this is not an uncommon situation, it does occur periodically. The fee reduction offered by a threshold signature wallet in this case is at least ~2.5 times for a 2-of-2 wallet and could easily be 6 times cheaper for a 3-of-5 wallet, saving ~50$ per transaction.
Another advantage introduced by the threshold signature is participant privacy compared to standard multisigs. In Bitcoin multisig wallets, all wallet participants need to be listed for each UTXO. However, in a threshold signature wallet, the only publicly known information is the wallet’s public key. Knowledge of this public key does not disclose any details about the number of participants in the wallet or their identities. Similarly, in the case of a signature, one cannot ascertain whether the transaction was signed by an individual or a group of users/devices.
There is a slight disadvantage to this technology—any computation requires the involved participants to be online. Therefore, if you create a new 3-of-5 threshold signature wallet, all 5 people must be online during wallet initialization, and only any 3 of them need to be present to compute a signature.
There are several areas where threshold signatures outperform single-user accounts or standard multisig wallets, particularly in the context of group ownership of funds. One remarkable property of the threshold signature schema is its scalability across various blockchains without requiring adjustments. This universality stems from the fact that most blockchains rely on a few cryptography algorithms. Major blockchains like Bitcoin, Ethereum, and Tron, for instance, use the same cryptography algorithm schema. Once you grasp how to create and operate a threshold signature wallet on one chain, you automatically acquire the skills for all other chains. In contrast, popular multisig wallets often differ significantly across blockchains, necessitating users to comprehend the technicalities specific to each blockchain. For example, in Ethereum, users must deploy a smart contract and interact with it, while in Tron, users need to notify the chain about the wallet's multisig mode, both of which are complex and costly operations.
If this technology offers substantial advantages, why isn't it more widely adopted? So, what's the catch? Threshold signature wallets for Bitcoin and Ethereum are relatively recent discoveries, and while the technology is robust, awareness remains limited. Additionally, the lack of ready implementations from various projects and the scarcity of developers with in-depth technical understanding hinder widespread adoption.
Initially, threshold signature multisigs were exclusive to large institutional players, provided by tech-oriented companies at considerable costs, often reaching tens of thousands of dollars in yearly subscriptions. However, technological progress has made such solutions increasingly accessible to average users, eliminating the need for astronomical fees.
Although there are limited applications offering threshold signature wallets, one notable exception is TotalSig. This multichain multisig wallet supports major blockchains and is free for private users. TotalSig allows you to create wallets on different blockchains and have multiple wallets per blockchain, providing flexibility in organizing and structuring your finances according to your preferences.
Available on multiple platforms, TotalSig caters to both businesses and individuals. For instance, you can establish a 2-of-3 wallet, keeping one key on your PC and the other two on different mobile phones, enhancing fund security at zero additional cost and reducing the risk of being locked out if one key is lost.