Big thanks to @wpstudio for sharing the link in chat
Today we are pleased to release our paper presenting a new ECDSA threshold signature scheme that is particularly well-suited for securing Bitcoin wallets. We teamed up with cryptographer Rosario Gennaro to build this scheme. Threshold signatures can be thought of as “stealth multi-signatures.”
Previously, I motivated the need for threshold signatures to increase Bitcoin wallet security. For individuals, thresholds signatures allow for two-factor security, or the ability to split signing control between two devices. For businesses, threshold signatures allow for the realization of access control policies that prevent both insiders and outsiders from stealing corporate funds. As we mentioned there and discuss at length in our paper, Bitcoin’s built in multisignatures are insufficient as they have serious anonymity and confidentiality drawbacks.
I also discussed why building a threshold signature scheme that is compatible with the ECDSA signature scheme used by Bitcoin is so difficult. We presented a toolbox of options, none of which is perfect but which we believed was a useful starting point. Since that post, we had discussions with businesses that want to implement our techniques, and it turned out that they wanted the best-of-both-worlds properties from the crypto. In particular, they wanted a scheme that required no trusted precomputation, and in which they could realize a t-of-n access control for any t <= n.
We have released the code for our two-factor implementation, and we welcome community involvement to bring our prototype implementation to production quality as well as to build a reference implementation of our multiparty protocol.
Read the full story here.