Threshold Signature Schemes: Concepts
Understand (t, n) threshold cryptography and why distributing key material prevents single points of failure.
Single Key as Single Point of Failure
Traditional digital signatures use a single private key held by one party. If that key is compromised, stolen, or lost, all signatures made with it are potentially forged and the key cannot be recovered. High-value signing operations — code signing for operating systems, certificate authority key ceremonies, cryptocurrency wallet control — require stronger protection than any single party can provide.
Shamir's Secret Sharing
Shamir's Secret Sharing (SSS), invented in 1979, splits a secret s into n shares such that any t shares can reconstruct s, but fewer than t shares reveal nothing. The scheme uses polynomial interpolation over a finite field: s is the constant term of a random degree-(t-1) polynomial, and the shares are evaluations of this polynomial at distinct points. SSS is information-theoretically secure.
All lessons in this course
- Threshold Signature Schemes: Concepts
- Threshold ECDSA: Multi-Party Signing
- Distributed Key Generation Protocols
- Threshold Schemes in Blockchains and HSMs