A few days ago, HyperPay wallet introduced TSS (Threshold Signature Scheme), an advanced cryptographic technique, and was the first to implement it inside an HSM (Hardware Security Module).
HyperPay has fully implemented an ECDSA TSS solution and deployed it in HSMs. Through encrypted interaction among multiple HSMs, the final signature is computed jointly, which saves on-chain multi-signature fees and avoids on-chain multi-signature loopholes. It is the first time in the industry that TSS and HSM technologies have been combined to create off-chain products and wallets at the highest security level. HyperPay will continue its unremitting pursuit of security technology in its subsequent business development and maintain the security of its business operating environment.
Digital assets, a form of currency based on computer information technology, came into being with the development of modern information technology and its applications. They improve transaction security because of characteristics such as traceability, anti-counterfeiting and tamper resistance, and have developed rapidly on the basis of government-encouraged blockchain technology.
However, security incidents involving blockchain digital assets are on the rise, for a variety of reasons, so the management and security of large asset holdings have become an enduring focus in the industry.
Since the underlying logic of a public chain or smart contract may have loopholes, attackers may be lurking in them, waiting to steal the assets on the chain. Once on-chain assets are stolen, the chance of recovery is small, and it is clear that using multi-signature alone to protect assets can no longer keep up with the needs of technological iteration.
New Direction of Asset Security Technology – TSS (Threshold Signature Scheme)
Threshold signature is a distributed multi-party signature protocol, including distributed private key generation, signature and verification algorithms. In recent years, with the rapid development of blockchain technology, signature algorithms have gained widespread attention in academic research and commercial applications, especially in the dimensions of security, ease of use, scalability, and distributability.
Because of the close and important connection between blockchain technology and signature algorithms, the development and the introduction of new paradigms of signature algorithms will directly affect the characteristics and efficiency of blockchain networks. In addition, the private key management needs of institutions and personal accounts inspired by distributed ledgers have also hastened the birth of many wallet applications, and this change has even spread to traditional enterprises.
Whether in blockchain or traditional financial institutions, threshold signature schemes can bring security and privacy improvements in a variety of scenarios. As an emerging technology, threshold signatures are still under academic research and implementation discussions. Among them, there are still unverified security risks and inconveniences.
Notes: A Hardware Security Module is a computer hardware device used to protect and manage digital private keys for strong authentication systems and to provide related cryptographic operations. A Hardware Security Module is generally connected directly to a computer or network server in the form of an expansion card or an external device.
Traditionally, multi-signature is implemented on the blockchain itself, for example Bitcoin's native multi-signature (OP_MULTISIG) and Ethereum's smart-contract-based multi-signature. These are implemented through the rules of the blockchain: multiple signatures are combined and placed in the transaction body, and when a node receives the transaction it verifies each signature against the corresponding public key. Only when the number of successfully verified signatures reaches the threshold is the transaction considered valid.
TSS was first proposed in the cryptography field at the end of the 20th century. It progressed slowly; because demand for threshold cryptography was small at the time, there was no major breakthrough until around 2017. There were many algorithms based on two-party TSS (i.e. 2-of-2 multi-signature), but they were low-performance and impractical.
The Real Development of TSS
In the past couple of years, with the rapid development of blockchain technology and the significant increase in DeFi market value, this decentralization technology has again attracted the attention of mainstream cryptographers, and research on TSS based on the ECDSA algorithm has been especially active. Israeli cryptographer Yehuda Lindell proposed a fast 2-party TSS in 2017 and extended it to a fast n-party TSS in 2019; at the same time, Gennaro et al. proposed another n-party TSS in 2019 with essentially the same experimental performance as the former.
What distinguishes TSS from traditional on-chain multi-signature is that TSS can be regarded as off-chain multi-signature. There is only one private key as far as the chain is concerned, and that single private key is dispersed into n components through cryptography. When signing, the final signature is computed jointly through multi-party interaction, and this signature passes verification under the corresponding single public key. This multi-party interaction is an instance of MPC (multi-party computation).
MPC, as the name implies, is a secure computation carried out by multiple participants. Security here means that all participants can provide their own private input and obtain the result of the computation, but none of them can learn anything about the private inputs of the other participants.
Specifically, MPC focuses on the following qualities:
Privacy: no participant can obtain any private input data of other participants, except for information that can be inferred from the calculation results.
Correctness and verifiability: the computation is executed correctly, and the legality and correctness of the process can be verified by the participants or by third parties.
Fairness or robustness: The parties involved in the calculation, unless agreed in advance, should be able to obtain the calculation result at the same time or no one obtains the result.
Technical Advantages of MPC
Through MPC, all parties can jointly compute the final result without revealing their own inputs. It mainly solves the problem of protecting privacy among a group of mutually untrusted parties in a collaborative computation. MPC must guarantee independence of inputs, correctness of the computation, decentralization and other properties, while not revealing any party's input value to the other participants. For example, zero-knowledge proof (ZK), which is popular at present, can be regarded as a one-time MPC method.
There is also another scheme similar to TSS, proposed by Shamir in 1960. This scheme is based on a secret sharing algorithm. Like TSS, it disperses the private key into n components, but the difference is that the private key must be completely reconstructed when signing; otherwise it is impossible to generate a signature.
Comparing these three technologies:

On-chain multi-signature has the lowest implementation cost. Mainstream public chains such as Bitcoin, Ethereum and EOS all provide corresponding on-chain multi-signature methods, which only require support in the wallet software. However, the transaction fee is very high (each node has to pay a certain gas fee to upload external data to the blockchain; although using a large number of oracles can ensure the security and reliability of the decentralized consensus, the cost is high and it is not the best choice unless the contract itself has a high value), and the software needs specific support for each different public chain.

Off-chain multi-signature (TSS) is harder to implement: the underlying algorithm theory is not yet complete and there are few project implementations. But it appears on the chain as a single ordinary signature, so it is supported by all mainstream wallet software, requires low handling fees and is highly versatile (e.g. ECDSA TSS can support 99% of mainstream public chains). Moreover, it is extremely secure, as the private key never appears in complete form at any point in the algorithm's life cycle.

The Shamir secret sharing scheme requires hardware cooperation; otherwise the risk of the complete private key being recovered in software is higher, which can be considered both an advantage and a disadvantage.
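To make the difference between Shamir reconstruct-then-sign and a true threshold signature concrete, the following is an added example; it is not HyperPay's code and not the ECDSA TSS the article describes. It uses a Schnorr-style signature over a constructed toy Schnorr group (p = 1019, q = 509, g = 4, far too small for real use) because Schnorr partial signatures combine by simple addition, whereas ECDSA needs extra MPC machinery for the nonce inverse. A dealer splits the private key x (and, as a simplification, the nonce k) with Shamir's scheme. In the TSS path each party contributes a Lagrange-weighted partial signature and x is never assembled; in the secret-sharing path x is rebuilt in memory before signing. Both signatures verify under the same single public key, which is the "one key on the chain" property described above. The `secret_consistent` helper shows why fewer than t shares reveal nothing: every candidate secret fits them. All function names are the example's own.

```python
# Added example: TSS-style threshold signing vs. Shamir reconstruct-then-sign.
# Toy Schnorr group (constructed): p = 2q + 1 is a safe prime, g = 4 generates
# the prime-order-q subgroup. Production sizes are hundreds of bits; the
# arithmetic is unchanged at that size.
import hashlib
import secrets

P, Q, G = 1019, 509, 4


def lagrange_coeff(xi, xs, at=0):
    """Lagrange basis coefficient for node xi over nodes xs, evaluated at `at` (mod Q)."""
    num = den = 1
    for xj in xs:
        if xj != xi:
            num = num * (at - xj) % Q
            den = den * (xi - xj) % Q
    return num * pow(den, -1, Q) % Q


def interpolate(points, at=0):
    """Value at `at` of the unique polynomial of degree < len(points) through `points`."""
    xs = [x for x, _ in points]
    return sum(y * lagrange_coeff(x, xs, at) for x, y in points) % Q


def shamir_split(secret, t, n):
    """Trusted dealer: split `secret` (mod Q) into n shares, any t of which reconstruct it."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return [(i, sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q)
            for i in range(1, n + 1)]


def secret_consistent(shares, candidate, t):
    """Could `candidate` be the secret behind `shares`? With fewer than t shares
    every candidate is consistent, i.e. the shares leak nothing about the secret."""
    pts = [(0, candidate)] + list(shares)
    if len(pts) <= t:
        return True  # a polynomial of degree < t always passes through t points
    return all(interpolate(pts[:t], x) == y for x, y in pts[t:])


def challenge(R, y, msg):
    """Fiat-Shamir challenge e = H(R, y, msg) mod Q."""
    digest = hashlib.sha256(f"{R}|{y}|{msg}".encode()).digest()
    return int.from_bytes(digest, "big") % Q


def schnorr_verify(y, msg, sig):
    """Ordinary single-key verification: g^s == R * y^e (mod p)."""
    R, s = sig
    return pow(G, s, P) == R * pow(y, challenge(R, y, msg), P) % P


def sign_by_reconstruction(key_shares, msg):
    """Shamir-style signing: the complete private key is rebuilt before signing."""
    x = interpolate(key_shares)  # the whole key exists in memory here
    y = pow(G, x, P)
    k = secrets.randbelow(Q - 1) + 1
    R = pow(G, k, P)
    return (R, (k + challenge(R, y, msg) * x) % Q), x


def threshold_sign(key_shares, nonce_shares, y, msg):
    """TSS-style signing: t parties each produce a partial signature from their own
    share and the partials are summed; the private key is never assembled.
    Simplification: the nonce k was also dealt as Shamir shares, whereas real
    protocols generate it jointly."""
    xs = [i for i, _ in key_shares]
    nonce = dict(nonce_shares)
    R = 1
    for i in xs:  # each party publishes only g^(lambda_i * k_i); the product is g^k
        R = R * pow(G, lagrange_coeff(i, xs) * nonce[i] % Q, P) % P
    e = challenge(R, y, msg)
    s = 0
    for i, x_i in key_shares:  # partial signature lambda_i * (k_i + e * x_i)
        s = (s + lagrange_coeff(i, xs) * (nonce[i] + e * x_i)) % Q
    return (R, s)


def demo(t=2, n=3, msg="constructed transaction payload"):
    """Run both signing paths for a t-of-n split and report the observable properties."""
    x = secrets.randbelow(Q - 1) + 1
    y = pow(G, x, P)  # the single public key the chain sees
    key_shares = shamir_split(x, t, n)
    nonce_shares = shamir_split(secrets.randbelow(Q - 1) + 1, t, n)
    quorum = key_shares[:t]
    tss_sig = threshold_sign(quorum, nonce_shares[:t], y, msg)
    sss_sig, rebuilt = sign_by_reconstruction(quorum, msg)
    return {
        "tss_valid": schnorr_verify(y, msg, tss_sig),
        "sss_valid": schnorr_verify(y, msg, sss_sig),
        "sss_exposed_full_key": rebuilt == x,
        "below_threshold_leaks_nothing": all(
            secret_consistent(key_shares[:t - 1], c, t) for c in (0, 1, x, Q - 1)),
        "quorum_pins_secret": secret_consistent(quorum, x, t)
        and not secret_consistent(quorum, (x + 1) % Q, t),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point to take from the run is the `sss_exposed_full_key` flag: in the secret-sharing path the complete key is present in one process at signing time, which is exactly why the text says that scheme needs hardware cooperation, while in the threshold path no party or combiner ever holds more than its own share and the partial signatures.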