Introduction: This is Hierarchical Threshold Signature Scheme (HTSS) worked by The main merit of HTSS is vertical access control such that it has “partial accountability”. Although TSS achieves joint control to disperse risk among the participants, the level of all shares are equal. It is impossible to distinguish which share getting involved in an unexpected signature. TSS is not like the multi-signature scheme as the signature is signed by distinct private keys in multi-signature scheme. It is because Shamir’s secret sharing only supports horizontal access control. For example, an important contract not only requires enough signatures, but also needs to be signed by a manager. Despite the fact that vertical access control can be realized on the application layer and tracked by an audit log. Once a hack happens, we will have no idea about who to blame for. However, in HTSS framework, through assigning different ranks of each share induces that any valid signature generated includes the share of the manager. HTSS has been developed by
This code will be audited soon.
One of references of HTSS is A Hierarchical Threshold Signature
or See Example
Table of Contents: Implementations
(DKG) Signer (GG)
CCLST (Reshare ) Usage (Peer) (DKG) (Signer) (Reshare) Examples Standard threshold signature DKG (Signer) Hierarchical threshold signature DKG (Signer) Benchmarks (GG) CCLST Appendix Security levels of two homomorphic schemes Useful Cryptography Libraries References Other Libraries Implementations:
Like the classical TSS, HTSS also contains three protocols: Signer: Signing for using the secret shares to generate a signature .
The algorithms can be downloaded in
here
.
If all levels of shares are zero, then HTSS reduces to the classical TSS. (ie In this case, Birkhoff interpolation reduces to Lagrange Interpolation).
After perform the progress of DKG, each participant will get ( x-coordinate, share, rank). Assume that the threshold is 3. Therefore, any three shares (x-coordinate, rank): (x1, n1), (x2, n2), (x3, n3) with n1
Let threshold=3, and participants=4. Assume that the corresponding rank of each shareholder are 0, 1, 1, 2. Then authorized sets in this setting are
The other combinations of shares can not recover the secret (eg 1, 1, 2).
DKG:
We implement a modified version of DKG in Fast Multiparty Threshold ECDSA with Fast Trustless Setup . We point out the different parts: (Replace Lagrange interpolation with) Birkhoff interpolation and generate own x-coordinate respectively.
CCLST: (Replace Lagrange interpolation with) Birkhoff interpolation .
In the beginning of signer, we generate different parameters for each participant in the homomorphic encryption scheme. In their protocol, all participants use the same parameters but different key-pairs, which are generated in DKG.
All zero-knowledge proofs are non-interactive version (ie This part will be audited soon).
It is the standard algorithm replacing Lagrange interpolation with Birkhoff interpolation
. Usage: Peer: (SelfID) : Return the self ID. (MustSend) : Send message to the specific peer.
Before you try to go through a multi-party algorithm, you should create a peer manager instance first. Here is an example for DKG.
Let threshold=3, and participants=4. Assume that the corresponding rank of each shareholder are 0, 1, 1, 2. Then authorized sets in this setting are
The other combinations of shares can not recover the secret (eg 1, 1, 2).
DKG:
We implement a modified version of DKG in Fast Multiparty Threshold ECDSA with Fast Trustless Setup . We point out the different parts: (Replace Lagrange interpolation with) Birkhoff interpolation and generate own x-coordinate respectively.
It is the standard algorithm replacing Lagrange interpolation with Birkhoff interpolation
Before you try to go through a multi-party algorithm, you should create a peer manager instance first. Here is an example for DKG.
GIPHY App Key not set. Please check settings