Key Refresh With Static Account Addresses

Some common best practices for maximizing cryptographic security include using multiple parties to approve transactions and to refresh private keys periodically. Having multiple approvers reduces the probability that a hacker will be able to forge a signature. Private key refresh further decreases that probability as a hacker would have to break into all party’s systems concurrently and undetected, before shares are refreshed. Unfortunately, conventional private key refresh also results in a change to the public key which is the account number where payments are received for digital assets such as Bitcoin. The potential for frequently or randomly changing account addresses is an impediment for digital asset adoption. Fortunately, Threshold Signatures allow for multiparty approvals and key share refresh while maintaining static account addresses.

Threshold Signatures use multiparty computation (MPC) to allow multiple parties to approve a transaction and generate a digital signature. Threshold Signatures natively generate a share of a key on the device used by each of multiple approving parties. Collectively, the shares represent an entire private key, but the shares are never shared between parties or combined at any time. MPC simply computes across the devices to confirm a sufficient number of shares are available to generate a signature. This approach dramatically improves security and provides remarkable flexibility. 

For example, let’s make the highly simplified assumption that the private key has a numeric value of 3. MPC can represent that private key value in the form of discrete shares which when collectively added up equals 3.

Party 1’s Share: 401

Party 2’s Share: 99

Party 3’s Share: -497

Collective Value: 3

When we add all of those shares together, the value is 3, just like the private key. The difference is, if a hacker breaks into Party 1’s device they will find a value of 401. They cannot deduce the value of the private key from that data alone. If they hack into two systems they have discrete values of 401 and 99, and a combined value of 500. This is interesting, but the hacker still has no idea of the value of the private key. If they break into all three party’s devices concurrently they will have three values (401, 99, -497) and they can presumably determine the collective value is 3.

However, with key share refresh, the shares can be refreshed to a different set of shares such as:

Party 1’s Share: 100

Party 2’s Share: -564

Party 3’s Share: -461

Collective Value: 3

As you might imagine, we can create an infinite number of combination of values that when added up equals 3. So key shares can be refreshed an infinite number of times, if desired. The beauty is that during that entire process, the public key which is the published account which is uniquely derived from the private key 3 never has to change. It can be changed whenever desired, but that change does not have to occur when the key shares are changed.

This flexibility makes it easy to non-disruptively adjust to lost or stolen devices, hacks of devices, moves, adds, and changes. Collectively, these and other attributes of Threshold Signatures with MPC make the odds low that a hacker will successfully break into all three party’s systems, concurrently before any shares are refreshed, and without detection. In fact, when the values are sufficiently large and sufficiently random, and the devices are deployed in different networks, under different administrative domains the probability of a hack is comparable or less than with HSMs.

The result is Threshold Signatures increase security efficacy, and provide greater business flexibility to publish and maintain static account addresses.

Frank Wiener