Threshold Signature Scheme (TSS)

Threshold cryptography is one of the most secure methods for performing cryptographic operations. For context, cryptography is the field of computer science that creates the conditions for secure and confidential communication between two or more parties without outside interference.

In practice, cryptographic methods aim to receive, transmit, and store confidential information in encrypted form between interested parties to prevent other individuals, organizations, or programs from obtaining the data. Cryptography aims to create secure ecosystems.

In 1994, Alfredo et al. proposed one of the first security-related systems based on threshold cryptography. Initially, the only significant users of threshold cryptosystems were military governments and organizations that held sensitive information. Threshold cryptosystems protect information by encrypting and distributing secrets among a group of independent computers that are classified as fault-tolerant. Fault tolerance is the ability of a system to continue operating despite failures or malfunctions.

As the name implies, threshold cryptography allows individual keyholders to encrypt a secret in such a way that no keyholder can open a lock individually. Instead, a minimum number of keyholders among all keyholders (a threshold number) is required to decrypt the secret.

A minimum threshold can be used to guarantee that a secret remains secure even if some of the participants collude. Essentially, threshold cryptography ensures that no single person has complete power, which could lead to vulnerabilities in the system. It also ensures that a secret can be revealed even if one or more people are not available, so there are no bottlenecks. This makes the system fault-tolerant.

Key signing occurs when nodes need to approve an outgoing transaction from secondary storage. A transaction is first submitted to a specific store for approval. Nodes that support that store are ready to sign a transaction. When there are enough nodes, the output begins. When it's ready, all nodes attempt to send the transaction to a connected network. One of them is accepted.

Code is required to translate this outgoing message from the YAR format to an external network.

Preventing attacks

During key generation, each node verifies that other nodes haven't done anything wrong. The system also ensures that nodes don't cheat by using a commit authorization scheme. This ensures that nodes cannot cheat the system by saying one thing, accepting it, and then quickly changing it in their favor.

Key signing prevents fraud because nodes only sign messages that are outside the network.
