
Support for multi-sig/threshold signature scheme

Open osuketh opened this issue 6 years ago • 4 comments

It would be a group-based style. Public group key is used as an accountId.

osuketh avatar Mar 31 '19 14:03 osuketh

Jubjub or BLS or some zk thing?

If JubJub then Schnorr multi-sigs require three round trips between all signers. I've included references with the schnorrkel musig implementation on Ristretto https://github.com/w3f/schnorrkel/blob/master/src/musig.rs but you'd need Ristretto for JubJub or to address the cofactor. We'll eventually devise some two round trip variant of mBCJ https://github.com/w3f/schnorrkel/issues/15 but not actually working much on that right now.

It's dangerous to use BLS for accounts for a few reasons, like HDKD breaks BLS with typical malleability.

burdges avatar Apr 01 '19 00:04 burdges
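The three round trips mentioned in the comment above, and the group key from the issue description, as an added sketch that is not code from schnorrkel or zero-chain. It assumes a MuSig-style flow (commit to nonce, reveal nonce, partial signature) over a constructed, insecure toy group instead of JubJub or Ristretto; all names are hypothetical.

```python
import hashlib, secrets

# Toy Schnorr group (constructed, insecure size): P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def H(*parts):
    """Hash a tuple of ints/strs/bytes to a scalar mod Q."""
    data = b"|".join(x if isinstance(x, bytes) else str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def commit(R):
    """Round-1 commitment to a nonce point."""
    return hashlib.sha256(b"com|%d" % R).hexdigest()

class Signer:
    def __init__(self, secret):
        self.x, self.pub = secret, pow(G, secret, P)
    def round1_commit(self):          # round trip 1: send only H(R_i)
        self.r = secrets.randbelow(Q - 1) + 1
        self.R = pow(G, self.r, P)
        return commit(self.R)
    def round2_reveal(self):          # round trip 2: open the commitment
        return self.R
    def round3_sign(self, a_i, c):    # round trip 3: partial signature s_i
        return (self.r + c * a_i * self.x) % Q

def aggregate_key(pubs):
    """Group key X = prod X_i^{a_i} with a_i = H(L, X_i); usable as one account key."""
    L = H("keys", *sorted(pubs))
    coeffs = [H("agg", L, X) for X in pubs]
    X_agg = 1
    for X, a in zip(pubs, coeffs):
        X_agg = X_agg * pow(X, a, P) % P
    return X_agg, coeffs

def musig_sign(signers, msg):
    X_agg, coeffs = aggregate_key([s.pub for s in signers])
    commitments = [s.round1_commit() for s in signers]
    nonces = [s.round2_reveal() for s in signers]
    if any(commit(R_i) != com for com, R_i in zip(commitments, nonces)):
        raise ValueError("nonce does not match round-1 commitment")
    R = 1
    for R_i in nonces:
        R = R * R_i % P
    c = H("chal", X_agg, R, msg)
    s = sum(sg.round3_sign(a, c) for sg, a in zip(signers, coeffs)) % Q
    return X_agg, (R, s)

def verify(X_agg, msg, sig):
    """Ordinary single-key Schnorr check against the group key."""
    R, s = sig
    return pow(G, s, P) == R * pow(X_agg, H("chal", X_agg, R, msg), P) % P
```

The verifier only ever sees the aggregated key and one `(R, s)` pair, which is why the group key can stand in for a single account key.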

It would be jubjub. The scheme might be the following and I'm actively researching it.

  • https://github.com/zcash/zcash/issues/3729
  • https://eprint.iacr.org/2018/068.pdf

I actually intended to implement Ristretto for jubjub in a different context, so your information is helpful! Thank you so much.

osuketh avatar Apr 01 '19 06:04 osuketh

You might find https://github.com/w3f/schnorrkel/blob/master/src/musig.rs useful then since it already expresses the musig protocol in session types.

burdges avatar Apr 01 '19 08:04 burdges

  • https://github.com/zcash/zips/pull/221
  • https://github.com/zcash/zcash/issues/3946
  • https://github.com/KZen-networks/paradise-city

osuketh avatar May 02 '19 05:05 osuketh