Author: Omer Shlomovits 2018-11-28 08:13:08
Published on: 2018-11-28T08:13:08+00:00
The author of an email on the Bitcoin-dev mailing list is inquiring about non-interactive threshold signatures. The current best solution appears to be taking the DKG from GG18 without Paillier and the DLog PoK, using it for the threshold Schnorr DKG and for the ephemeral key distributed generation. This will cause the loss of robustness but will be more efficient. The purpose of using threshold security is to replace hardware security. The assumption is that it is better to trust that no more than t out of n different machines will get corrupted at the same time than to trust one secure hardware. Candidates for non-interactive threshold signatures do not seem to exist. The author provides links to whitepapers and implementations for reference.
Updated on: 2023-06-13T15:46:22.418735+00:00