Since the 1970s, cryptography has assumed a certain value in order to provide the right security to computer systems.
The first form of cryptography was the asymmetric one known as PKC (Public Key Cryptography). In this type of cryptography there are 2 keys: one public and one private; while the public one can be provided to anyone, the private one is secret information that cannot be disclosed and represents the security of the whole system.
To obtain the two keys, it is necessary to use 3 distinct algortithms which respectively provide for:
- Generation of the public / private key pair;
- Generation of an encrypted text / signature;
- Decoding / verification process.
For the digital signature, which was one of the first applications of cryptography, the verification algorithm requires the entry of the private key which is the sole prerogative of the owner.
A message is attached to the signature so that whoever has the public key can verify its correctness.
Basically the blockchain is based on a similar and very simple process of digital signatures. Obviously, with appropriate algorithms, it is verified that the signatures are not falsifiable and that they are correct.
At the same time, modern cryptography has prepared various types of models including zero-knowledge tests, homorphic encryption and multiple-part computation; and these are just a few.
We come to the TSS
The Threshold Signature Scheme lays the foundations on MPC (Multiple Part Computation) whose study began about 40 years ago with Andrew C. Yao.
With this type of encryption, results can be achieved through the possibility of making 1 data hidden.
Suppose that in a company you want to know who has the highest salary, without disclosing the amounts; through the MPC, you can do this by keeping the salary hidden in the calculation.
The two main ones of the MPC are fairness and privacy:
- Correctness: the output produced by an algorithm is correct (as expected).
- Privacy: Secret input data belonging to one of the parties is not disclosed to the other parties.
Let's see how we can “merge” the characteristics of a digital signature with this type of cryptography model and how the three main phases of the digital signature are modified.
- Generation of the key, the first phase and also the most complex: in addition to the generation of the public key, it is necessary to create an individual secret called Secret Share. This Secret Share will be different for each party to which the public key has been communicated.
By doing so, you have: privacy as no data within the Secret Share is disclosed between the parties and correctness: the public key becomes a function of the Secret Shares.
- The signature: the generation of the signature will have as input data all the Secret Shares created in the previous phase and as public data to all, the message that must be signed. When everyone has secretly communicated their secret share, the message will be signed and no one will know of any other Secret Share that is not his.
- Verification: this part remains substantially unchanged compared to the classic digital signature (PKC); that is, anyone in possession of the public key can check and validate the signature.
From the implementation of this MPC cryptographic model and the classic PKC digital signature, the distributed signature called TSS (Threshold Signature Scheme) is obtained.
TSS and Blockchain
The step to be able to implement this type of signature on the blockchain is relatively short and simple, in fact it is a matter of replacing a full node dedicated to signing by distributing the Secret Shares to multiple nodes. In practice, the private key has distributed computations.
This procedure is being implemented by ChainLink for on-chain data validation by Oracles Node.
TSS and Multisig a necessary distinction
Some blockchains offer a possibility of TSS in their own software; in this case it is called Multisig.
The main and substantial difference is the approach of the two systems: both have similar objectives (distributed signature) but the working environment is fundamentally different.
Multisig works on-chain, while TSS, being simple and pure cryptography, works off-chain; furthermore, having the blockchain need to encode the Multisig, the privacy protocols could fail, as the Secret Shares would be exposed on the blockchain.
Therefore the cost of a transaction validated with multisig is higher because it is necessary to communicate all the information on the signatories to the blockchain.
Another difference that distinguishes them is that Multisig is specific to each blockchain, so a dedicated implementation from blockchain to blockchain is required.
While for what I said above, TSS is simple cryptography so it does not have to be adapted to the blockchain that uses it.
