Multiparty Threshold ECDSA

Preliminaries

• Math
• Cryptography
  • Basic
  • Advanced
• Blockchain

Publications

GG-series

• [GG18] Fast Multiparty Threshold ECDSA with Fast Trustless Setup

  • Paper
    • Revised
      • ZK range proofs
    • 中文實例說明(看懂這篇就全懂了，厲害👍)
  • Source Code
    • Golang code from Binance]
  • [Video]ACM CSS 2018
  • Known Attacks on GG18
    • 2021 Alpha-Ray: Key Extraction Attacks on Threshold ECDSA Implementations
      • (HackMD)'Alpha-Rays' behind the scenes
      • (Fireblocks) A Note on the Security of GG18
      • Reply from Cybavo
      • (Reply from SFAEHERON)Finding from iString Lab
    • 2020 (ZenGo X) Attacking Threshold Wallets
      • (Video)Multiple Bugs in MPC: Breaking Cryptocurrency's Strongest Wallets
        • Slide
      • Slide 20
      • Slide 21
      • (Velas)Counter-Strike: Threshold Attack
      • Pull Request for Golden Shoe Attack from Binance
      • PR for disable without range proofs from ING-bank
      • CVE-2020-12118)

• [GG20] One Round Threshold ECDSA with Identifiable Abort

  • Paper
  • Source code from Coinbase]
  • Known Attacks on GG20
    • 2021 Alpha-Ray: Key Extraction Attacks on Threshold ECDSA Implementations
      • Pull Request from Coinbase

• [GG21] UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts

  • Paper
  • Announcement from Taurus

  

  • [Source code]

    • (Taurus Group)Implementation
    • [Rust] Webb - CGGMP Threshold ECDSA Distributed Key Generation Protocol
      • Implementing all ZKPs for 4-round (O(n^2)) identifiable abort

  • [Video] Short Concept Introduction

  • Introduction from Fireblocks

    • [Short Video]Introduction on the main concept of GG21

  • Presentation in NIST

    • (video) Technical Overview (Must Read)

  • Preliminaries

    • Proactive Key Refresh
    • Universally Composable (UC) Security Framework
    • leveraging Paillier Encryption (from wikipedia) as a commitment scheme
    • Pedersen Commitments
    • DDH

Techical Note

• Wallet Infrastructure Comparisons
• (Medium)On UC Non-interactive, Proactive, Threshold ECDSA
• (Coinbase)Threshold Digital Signatures
  • Deeper dive into threshold signatures

Other Publications

• 2021 Refresh When You Wake Up: Proactive Threshold Wallets with Offline Devices
  • Blog Article
• 2022 Better than Advertised Security for Non-interactive Threshold Signatures
  • Source Code(Python)
• 2022 Low-Bandwidth Threshold ECDSA via Pseudorandom Correlation Generators
• 2022 Fast Threshold ECDSA with Honest Majority
• 2022 On the security of ECDSA with additive key derivation and presignatures
• 2020 Threshold ECDSA for Decentralized Asset Custody
  • Source Code(Go)
• 2018 Fast Secure Multiparty ECDSA with Practical Distributed Key Generation and Applications to Cryptocurrency Custody
• 2020 Securing DNSSEC Keys via Threshold ECDSA From Generic MPC
  • another pre-signing protocol
  • [Video] MPTS 2020 Talk 3a2: Securing DNSSEC Keys via Threshold ECDSA From Generic MPC
  • [Slide]

---

Resources

• [Github] Multi-party ECDSA
  • including GG20
  • implemented by Rust
  • Using Signal Messager (P2P network) to replace broadcast channel
  • [Github] TSS ECDSA CLI utility
• [Github] Multiparty threshold ECDSA scheme by ING bank
  • based on GG18
  • implmeneted by Rust
  • P2P or Broadcast ???
  • Audit Report by Kudelski Security

---

Supplementaries

• Basic Concept of Cryptography
• Advanced Concept of Cryptograph

Multi Party Computation (MPC)

• History of MPC
  • created by Andrew Yao in 1980's
  • Yao's millionaires' problem
• [Video]Multiparty Computation in 5 mins
  • the best explanation video
  • XOR for multiple keys
  • Threshold Secret Sharing
    • Polynorminal interpolation
  • Average Salary
• [Video]Introduction to MPC in 6 mins
  • Average Salary
• [Video]Basic Concept of MPC [Refer to Slide]
• [2020Cryptography Meetup] A crash course on Secure Multiparty Computation (MPC)
  • Privacy Guarantees:
    • Computational Security
    • Statistical Security
    • Perfect Security
  • Output Guarantees:
    • Guaranteed Output Delivery (G.O.D.)
    • Fairness
    • Security with Abort
  • Beaver Triples (a.k.a Multiplication Triples)
  • Shamir Secret Sharing
    • [Video] Secret Sharing Explained Virsually
    • A Good Example with code
    • 中文範例 with code
    • An Interactive Emulator
• [Video] Threshold Signature Scheme(TSS) by Axelar Network
  • Good tutorial from very basic knowledge to TSS
• [Video] Introduction to Multiparty Computation (by Yehuda Lindell)
  • Secure Multiparty Computation (e.g. Salary Average)
  • Yao's Garbled Circuits
  • Secret Share Refresh - Proactive Security
  • Private Set Intersection (e.g. Google Ads.)
• MPC Alliance
  • Wiki
  • Learn (Books, Articles, Videos)
• (Sepior)MPC Digital Asset Wallet Considerations - Build vs. Buy
  • How to evaluate your wallet options?
• (Unbound Security)Cryptocurrency Protection with MPC & Threshold ECDSA
• 2013 Multi-Party Computation: From Theory to Practice(Nigel P. Smark at Google in 2013)
  • Fully Homomophic Encryption (FHE) + Multi-Party Computation (MPC)
    • In FHE one has a huge computational cost, but zero communication.
    • In MPC one has virtually no computational cost, but huge communication.
  • assume Linear Secrete Sharing is free
  • SPDZ protocol vs. NNOS protocol
  • more details At Microsoft Research in 2016
    • ##TODO##
• 2020 Threshold Secret Sharing - Gilad Asharov
  • Error Correction
    • Reed Solomon
    • Berlekamp-Welch Algorithm

---

Services

• Sepior - Advanced MPC Digital Asset Wallet & Custody Infrastructure
• Fireblocks - an easy to use platform to create new blockchain based products and manage day-to-day digital asset opterations

---

Reference

• MPC Alliance
• Key Length Comparison
  • Provide a mapping table for many standards, e.g. NIST, BSI.