One of references of HTSS is
- A Hierarchical Threshold Signature
- Introduction to Hierarchical Threshold Signature(revised version)
- Example.
After the project is cloned, we need to run below commands to initialize/update the sub-modules:
$ make init
If you need to rebuild protobuf, please run below command to install tools and build protobuf.
# Install tools
$ make tools
# Build protobuf
$ make protobuf
Like the classical TSS, HTSS also contains three protocols:
- DKG: Distributed key generation for creating secret shares without any dealer.
- Signer: Signing for using the secret shares to generate a signature.
- Reshare: Refresh the secret share without changing the public key.
Remark:
- Comparing to TSS, each share in HTSS is generated by DKG having difference levels (or called rank). The level 0 is the highest.
- If all levels of shares are zero, then HTSS reduces to the classical TSS. (i.e. In this case, Birkhoff interpolation reduces to Lagrange Interpolation).
- After perform the progress of DKG, each participant will get (x-coordinate, share, rank). Assume that the threshold is 3. Therefore, any three shares (x-coordinate, rank): (x1, n1), (x2, n2), (x3, n3) with n1 <= n2 <= n3 can recover the secret or sign if and only if n_i <= i-1 for all 1 <= i <= 3. In general, assuming the threshold is t, any t shares (xi,ni) with ni <= nj for all i < j can recover the secret or sign if and only if n_i <= i-1 for all 1 <= i <= t.
Example:
Let threshold = 3, and participants = 4. Assume that the corresponding rank of each shareholder are 0, 1, 1, 2. Then authorized sets in this setting are
- 0, 1, 1
- 0, 1, 2
- 0, 1, 1, 2
The other combinations of shares can not recover the secret (e.g. 1, 1, 2).
Use the same DKG in Fast Multiparty Threshold ECDSA with Fast Trustless Setup.
Our implementation is FROST: Flexible Round-Optimized Schnorr Threshold Signatures.