Explore the potential for using threshold signatures with the Identity Key

[frankhinek]

I was considering recovery options, particularly for organizations with stringent requirements. One experimental idea to explore is the use of Schnorr threshold signatures for the identity key.

This approach is not as commonly adopted for Ed25519/Ed448 compared to NIST and SECG elliptic curve algorithms. However, there is some research and development in this area. For instance, this IETF draft & reference implementation by Hallam-Baker on threshold signatures and a detailed explanation of threshold Ed25519 in the context of resilience and trust offer valuable insights.

A quick and non-exhaustive search revealed several implementations of Schnorr signatures on the Ed25519 curve for both single and threshold numbers of signers (FROST):

• Go
• Rust
• Rust

Implementing Schnorr threshold signatures could enhance the security and recovery capabilities of DID DHT identities, aligning with the needs of organizations requiring higher levels of identity assurance and recovery options. In theory, it shouldn't require any spec changes since AFAIK, Schnorr threshold signatures can compatible with RFC8032 signature verification.

Time permitting, we should explore the potential more thoroughly.