A few days ago, HyperPay wallet introduced TSS (Threshold Signature Scheme) advanced cryptography technology, and was the first to implement it in HSM (Hardware Security Module). HyperPay has fully implemented the ECDSA TSS solution and applied it in HSM. Through the encrypted interaction of multiple HSMs, the final signature is jointly calculated, which saves the on-chain multi-signature fees and avoids the on-chain multi-signature loopholes. This is the first time in the industry that TSS and HSM technologies have been combined to create off-chain products and a wallet with the highest security level. HyperPay will maintain its unremitting pursuit of security technology in subsequent business development, and maintain the security of the business operating environment.
Digital assets, a form of currency based on computer information technology, came into being due to the development of modern information technology and application. It improves transaction security because of its characteristics such as traceability, anti-counterfeiting, and anti-tampering, and has developed rapidly based on the government-encouraged blockchain technology.
However, security incidents involving blockchain digital assets are on the rise, for miscellaneous reasons, so the management and security of large assets have become an enduring focus in the industry.
Since the underlying logic of a public chain or smart contract may have loopholes, hackers may be lurking in them, waiting to steal the assets on the chain. Once assets on the chain are stolen, the possibility of recovery is small, and it is clear that using multi-signature to protect the security of assets can no longer keep up with the needs of technological iteration.
New Direction of Asset Security Technology – TSS (Threshold Signature Scheme)
Threshold signature is a distributed multi-party signature protocol, including distributed private key generation, signature and verification algorithms. In recent years, with the rapid development of blockchain technology, signature algorithms have gained widespread attention in academic research and commercial applications, especially in the dimensions of security, ease of use, scalability, and distributability.
Because of the close and important connection between blockchain technology and signature algorithms, the development and the introduction of new paradigms of signature algorithms will directly affect the characteristics and efficiency of blockchain networks. In addition, the private key management needs of institutions and personal accounts inspired by distributed ledgers have also hastened the birth of many wallet applications, and this change has even spread to traditional enterprises.
Whether in blockchain or traditional financial institutions, threshold signature schemes can bring security and privacy improvements in a variety of scenarios. As an emerging technology, threshold signatures are still under academic research and implementation discussions. Among them, there are still unverified security risks and inconveniences.
Notes: Hardware Security Module is a computer hardware device used to protect and manage the digital private key for a strong authentication system and provide related cryptographic operations. Hardware Security Module is generally directly connected to a computer or network server in the form of an expansion card or an external device.
Traditionally, multi-signature technology is implemented on the blockchain itself, such as Bitcoin's native multi-signature (OP_MULTISIG) and multi-signature based on Ethereum smart contracts. Both are enforced through the rules of the blockchain. Multiple signatures are combined and put into the transaction body, and when a node receives the signatures, it verifies each of them against the corresponding public key. Only when all of them (enough to reach the threshold) are successfully verified is the transaction considered legal.
TSS technology was first proposed in the cryptography field at the end of the 20th century. It progressed slowly, and due to the small demand for threshold cryptography at that time, there was no major breakthrough until around 2017. There were many algorithms based on two-party TSS (i.e. 2-2 multi-signature), but they were low-performance and impractical.
The Real Development of TSS
In the last couple of years, with the rapid development of blockchain technology and the significant increase in DeFi market value, this decentralization technology has again attracted the attention of mainstream cryptographers, and research on TSS based on the ECDSA algorithm has been especially active. Israeli cryptographer Yehuda Lindell proposed a fast 2-party TSS in 2017 and improved it to a fast n-party TSS in 2019; at the same time, researchers represented by Gennaro also proposed another n-party TSS in 2019, which has basically the same experimental performance as the former.
What distinguishes TSS from traditional on-chain multi-signature is that TSS can be regarded as off-chain multi-signature. There is only one private key on the chain, and this single private key is dispersed into n components through cryptography. When signing, the final signature is jointly calculated through multi-party interaction, and this signature passes verification against the corresponding single public key. This is called MPC (multi-party computing) technology.