An Introduction to Threshold Signature Wallets With MPC

Cryptography is a primary means of protecting digital information, typically through encryption. In modern cryptography, the algorithms are standardized and well known but the keys are secret. Many algorithms are so advanced that even the most powerful computers cannot defeat them. So, hackers focus on stealing the secret keys instead. Therefore, the effectiveness of protecting data through cryptography is primarily dependent on maintaining secrecy of the cryptographic keys.  

For cryptocurrencies like Bitcoin and others, one or more private cryptographic keys are used to generate an Elliptic Curve Digital Signature Algorithm (ECDSA) signature which allows coins to be deducted from an account. Protecting these private keys is paramount to protecting the wallet and the wallet holder’s associated digital assets. 

Threshold Cryptography is a subfield of cryptography with a primary goal of protecting the confidentiality or secrecy of data, such as a cryptographic key, while also enhancing other properties such as integrity and availability. Integrity and availability are critically important to assure that keys are not only obscured from adversaries but also functional and uncorrupted when needed, otherwise transactions might not execute when intended. 

Threshold Cryptography requires that some form of “computation” is performed over secret shares of inputs. When used to protect keys, the secret shares may be fractions of one entire key used to generate an ECDSA signature. Ideally, the key shares are held by completely independent parties (also known as approvers), with different devices, in different networks to maximize security. 

Multiparty computation (MPC) is yet another subfield of cryptography that allows mutually distrustful parties to compute a function of their combined secret inputs, without revealing their inputs to one another or a trusted third party. MPC is gaining interest in a variety of use cases, but has gained substantial interest due to its ability to preserve the secrecy of key shares used to generate ECDSA signatures, without having to trust the participating approvers or any third party. 

Threshold Cryptography can be implemented using MPC for the “computation” function across multiple distributed key shares to generate an ECDSA signature. This approach allows multiple parties, acting as multiple transaction approvers, to each provide their secret share of a private key to MPC algorithms running locally on their device to generate an ECDSA signature. When the minimum number of pre-defined approvers provide their shares, a signature is generated without ever creating an entire key or ever recombining shares into a whole key on any device, at any time. This functionality is referred to as Threshold Signatures using MPC.  

The threshold aspects of Threshold Signatures (a.k.a. ThresholdSig) combines with MPC to assure that private keys are never stolen and used to fraudulently withdrawn funds from an associated account. The threshold nature also allows a defined threshold of parties or key shares to become corrupted and still allow legitimate transactions to be signed. Similarly, threshold parameters can be defined where a subset of approvers such as m of n potential approvers can sign for a transaction, assuring transaction availability even when one or more parties is corrupted or unavailable. Thresholds can also be defined to specify the minimum number of parties that must be available to recreate a lost key share to recover from potential key loss. 

Collectively, the attributes of Threshold Signatures using  MPC are well suited to secure transactions such as cryptocurrencies, and to do so with higher levels of security, integrity, and availability than is practical to achieve with any other known cryptographic signature schemes.  In fact, as discussed in another article, Threshold Signatures with MPC are demonstrably more secure and offer multiple preferable attributes over MultiSig, the historic predominant multiparty approval scheme used by cryptocurrencies.