Threshold Cryptography

Threshold Signature Scheme (TSS)

This section borrows from Binance's introduction to threshold signatures.

Threshold cryptography, or TSS, is used here to secure the wallets of Shakespay users. Rather than relying on a single private key that an attacker with enough resources and time can steal, the system distributes shares of the private key a among n parties, any t+1 of which can jointly produce a valid signature for a computation they agree on, in this case signing wallet transactions. The scheme is somewhat similar to traditional multisig but has advantages:

  1. Transactions don’t reveal which t+1 parties signed
  2. A single signature is produced for verification
  3. Because of 2, verifying nodes do no extra work: the signature is checked exactly like an ordinary single-key signature

To protect the protocol traffic itself, the parties communicate over TLS using AEAD cipher suites (Transport Layer Security with Authenticated Encryption with Associated Data), so every message exchanged during key generation, signing and resharing is encrypted and integrity-protected in transit between the two endpoints of each connection. Two caveats a deployment must respect: each party has to verify the other's certificate (mutual authentication), otherwise an attacker who can intercept traffic can sit between two parties; and TLS secures the channel, not the protocol, so a party that holds a valid certificate but misbehaves inside the protocol is caught only by the TSS protocol's own consistency checks, not by TLS.

📓 Note: To keep onboarding simple at launch, the user's key is split into two shares: one encrypted share is stored on a remote server and the other encrypted share is sent to the user's device. With only two shares both must take part in every signature (a 2-of-2 setup), so losing either share without a backup means losing access to the wallet. Later, users will be able to choose the threshold and number of shares (the t and n above) they want to employ.

The protocol has three phases, described below:

  1. Key Generation
  2. Signing
  3. Resharing

Key Generation

Without a trusted dealer, the n parties jointly produce shares of a private key a that no single party ever holds; each party encrypts its share and stores it locally, and any t+1 parties can later produce a valid signature. The protocol must ensure that all n parties end up with the same public key P but different secret shares a_1, …, a_n, that no share is leaked to an eavesdropper (or to the other parties), and that P is a function of the shares, so that signatures made with the shares verify under P.

Signing

When the users want to perform a computation, in this case signing, only t+1 parties need to participate to produce a valid signature. Unlike Shamir Secret Sharing, the parties never reconstruct the private key from their shares to do so: reconstructing it, even briefly on one machine, would reintroduce the single point of failure that distributed key generation removed. The protocol guarantees that during signing the t+1 parties learn nothing about each other's shares a_i (and therefore nothing about a), and that the output signature verifies under the public key P.

Resharing

If any of the n participants is compromised, the participants can reshare: they run a protocol that gives every party a new share of the same key a, after which the old shares no longer combine with the new ones and cannot be used for future computations. Note what this does and does not protect against: shares stolen before and after a reshare are useless together, so an attacker has to collect t+1 shares from the same sharing period, but if an attacker already holds t+1 old shares the key itself is lost and resharing does not help; the wallet has to move to a freshly generated key. Because resharing is only triggered once a compromise is noticed, this is a naive approach; we believe proactive refresh, which reruns the resharing on a fixed schedule so that an attacker must compromise t+1 parties within one period, is better. We are working on it!
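The three phases above, as an added worked example (this is not Shakespay's code, nor the Binance protocol it describes): a minimal threshold Schnorr signature over secp256k1 in Python. Key generation is a dealerless DKG with Feldman commitments, signing combines t+1 partial signatures with Lagrange coefficients so that the key a is never assembled anywhere, and resharing adds a fresh sharing of zero to every share. It also demonstrates the advantages listed at the top: verify() is an ordinary single-key Schnorr check and cannot tell which parties signed. The function names, the party identifiers 1..n, the SHA-256 challenge and the toy nonce handling are assumptions of this example; a production scheme (FROST for Schnorr, GG20 for ECDSA) adds nonce commitments and zero-knowledge proofs that this leaves out, and the signature is not BIP340-compatible.

```python
# Added illustration, not Shakespay's or Binance's code: the three TSS phases
# as a minimal threshold Schnorr signature over secp256k1. Nonce handling is
# simplified (no nonce commitments or binding factors as in FROST/GG20), so
# this shows the flow and is not a production protocol.
import hashlib
import secrets

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if A is None: return B
    if B is None: return A
    if A[0] == B[0] and (A[1] + B[1]) % P == 0: return None
    if A == B:
        lam = 3 * A[0] * A[0] * pow(2 * A[1], -1, P) % P
    else:
        lam = (B[1] - A[1]) * pow(B[0] - A[0], -1, P) % P
    x = (lam * lam - A[0] - B[0]) % P
    return (x, (lam * (A[0] - x) - A[1]) % P)

def ec_mul(k, A):
    """Double-and-add scalar multiplication."""
    R = None
    while k:
        if k & 1: R = ec_add(R, A)
        A, k = ec_add(A, A), k >> 1
    return R

def poly_eval(coeffs, x):
    return sum(c * pow(x, i, N) for i, c in enumerate(coeffs)) % N

def lagrange(i, ids):
    """Lagrange coefficient of party i for interpolating at x = 0 (mod N)."""
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * (-j) % N, den * (i - j) % N
    return num * pow(den, -1, N) % N

def keygen(n, t):
    """Key generation with no trusted dealer (Pedersen-style DKG, Feldman checks).
    Party i deals a random degree-t polynomial f_i: it sends f_i(j) to party j and
    publishes each coefficient times G. Party j checks every piece it receives; its
    share is a_j = sum_i f_i(j). Public key P = sum_i f_i(0)*G; nobody ever holds a."""
    polys = [[secrets.randbelow(N) for _ in range(t + 1)] for _ in range(n)]
    commits = [[ec_mul(c, G) for c in f] for f in polys]
    shares = {}
    for j in range(1, n + 1):
        a_j = 0
        for i in range(n):
            piece = poly_eval(polys[i], j)
            expect = None  # Feldman check: piece*G == sum_k j^k * (f_ik*G)
            for k, C in enumerate(commits[i]):
                expect = ec_add(expect, ec_mul(pow(j, k, N), C))
            if ec_mul(piece, G) != expect:
                raise ValueError("party %d dealt an inconsistent piece to %d" % (i + 1, j))
            a_j = (a_j + piece) % N
        shares[j] = a_j
    pub = None
    for c in commits:
        pub = ec_add(pub, c[0])
    return shares, pub

def challenge(R, pub, msg):
    data = b"".join(v.to_bytes(32, "big") for v in R + pub) + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(shares, pub, signer_ids, msg):
    """Any t+1 parties produce one ordinary Schnorr signature (R, s). Signer i adds
    nonce_i + e * lambda_i * a_i, so sum_i lambda_i * a_i = a is folded into s without
    anyone learning a or another party's share. Fewer than t+1 signers, or a signer
    holding a stale share, gives a signature that fails verify()."""
    nonces = {i: secrets.randbelow(N - 1) + 1 for i in signer_ids}
    R = None
    for i in signer_ids:
        R = ec_add(R, ec_mul(nonces[i], G))
    e = challenge(R, pub, msg)
    s = 0
    for i in signer_ids:
        s = (s + nonces[i] + e * lagrange(i, signer_ids) * shares[i]) % N
    return R, s

def verify(pub, msg, sig):
    """Plain Schnorr check s*G == R + e*P: one signature, signer set not revealed."""
    R, s = sig
    return ec_mul(s, G) == ec_add(R, ec_mul(challenge(R, pub, msg), pub))

def reshare(shares, t):
    """Resharing: each party deals a degree-t polynomial with constant term 0 and every
    party adds the pieces it receives to its share. Key and public key are unchanged,
    but old and new shares no longer combine. (Commitments to the zero polynomials,
    which a real deployment needs, are omitted here.)"""
    ids = list(shares)
    zero = {i: [0] + [secrets.randbelow(N) for _ in range(t)] for i in ids}
    return {j: (shares[j] + sum(poly_eval(zero[i], j) for i in ids)) % N for j in ids}
```

keygen(3, 1) gives a 2-of-3 wallet: sign(shares, pub, [1, 3], tx) verifies under pub, a single party's attempt does not, and after reshare(shares, 1) a signer set that mixes an old share with a new one also fails, which is exactly the property the resharing section relies on. Running a full ec_mul in pure Python takes a few milliseconds, so the whole flow completes in well under a second.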