Author: Gregory Maxwell 2014-03-29 14:36:58
Published on: 2014-03-29T14:36:58+00:00
In an email conversation on March 29th, 2014, Watson Ladd disputed the notion that to compute a signature from shares without reconstructing the private key was impossible. He suggested using MPC techniques and claimed there was a paper discussing this technique for Bitcoin. However, he did not know where it was located. Another contributor added that one could only do so if the technique used was carefully selected to make it possible. The contributor believed that the proposal discussed in the email did not have this property. They advocated that a BIP standardization should include a formulation that allows for this method.The paper Watson Ladd referred to is available at http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.67.9913. Additionally, some researchers from Princeton were working on refining the technique and applying it to Bitcoin.Finally, one can use the secret sharing from threshold ecdsa in two ways: recombining the private key and sign or computing a secret shared signature and then interpolating back the signature. The latter avoids the need for any trusted device holding the signature.
Updated on: 2023-05-19T18:26:13.704176+00:00