A Survey of Threshold ECDSA

Abstract

Threshold signing research progressed a lot in the last three years, especially for ECDSA, which is less MPC-friendly than Schnorr-based signatures such as EdDSA. This progress was mainly driven by blockchain applications, and boosted by breakthrough results concurrently published by Lindell and by Gennaro & Goldfeder. Since then, several research teams published threshold signature schemes with different features, design trade-offs, building blocks, and proof techniques. Furthermore, threshold signing is now deployed within major organizations to protect large amounts of digital assets. Researchers and practitioners therefore need a clear view of the research state, of the relative merits of the protocols available, and of the open problems, in particular those that would address “real-world” challenges.

This survey therefore proposes to:

  1. describe threshold signing and its building blocks in a general, unified way, based on the extended arithmetic black-box formalism (ABB+)
  2. review the state-of-the-art threshold signing protocols, highlighting their unique properties and comparing them in terms of security assurance and performance, based on criteria relevant in practice
  3. review the main open-source implementations available.

Adrian Hamelink
Adrian Hamelink
Cryptography Engineer

Adrian Hamelink is a cryptography engineer working with Aztec on PlonK-ish zkSNARKs. His research interests include zero-knowledge proof systems, threshold cryptography and multi-party computation.