I.Introduction As blockchain technology evolves, the demand for cryptocurrency wallets has been steadily increasing. From early single-signature wallets to later, more secure multi-signature and threshold wallets, the primary distinctions among these wallets lie in their key generation and signature verification processes. They employ different technologies and algorithms.
Multi-signature wallets, as the name suggests, require multiple signatures. Both multi-signature and threshold wallets, distinguished by their algorithms, fall under the category of multi-signature wallets, as both require multiple signatures to authorize transactions. However, they have fundamental differences. When verifying the correctness of private keys or signatures during the signing process, if we differentiate multi-signature wallets based on on-chain or off-chain verification, we can categorize them as threshold wallets and multi-signature wallets. The former relies on off-chain Smpc algorithms, while the latter depends on on-chain Bitcoin scripts or Ethereum smart contracts. This article will further explore how to distinguish these wallets and how to choose among them.
II.Single-Signature Wallets Single-signature wallets represent the most basic form of cryptocurrency wallets, utilizing a pair of public and private keys for operations. The public key generates a wallet address to receive funds, while the private key signs transactions, proving ownership of the assets. Safe storage and management of private keys are among the primary challenges of cryptocurrency wallets. Furthermore, many wallets offer a mnemonic phrase feature, which converts private keys into a set of easy-to-remember words, assisting users in recalling and restoring their private keys.
III.Multi-Signature Wallets Multi-signature wallets necessitate multiple private keys for transaction signing. Designed to enhance security, these wallets prevent attackers from executing transactions even if one private key gets compromised. Multi-signature wallets typically find use in scenarios requiring joint control over funds, such as corporate shared accounts or DAO shared accounts.
Understanding multi-signature wallets can be likened to a corporate transfer process, which demands signatures from multiple high-level managers for completion. In blockchain terms, this entails having three pairs of public and private keys representing, for instance, the CEO, Deputy CEO, and CFO.
In single-signature wallets, the public key represents the receiving address. But in multi-signature wallets, what represents the receiving address? The concept of a “multi-signature address” is required. However, the original protocols and architectures of Bitcoin and Ethereum do not inherently support multi-signature addresses. Implementing multi-signature wallet functionality on-chain requires modifying the original protocol. In Bitcoin, the P2SH (Pay-to-Script-Hash) technique facilitates multi-signature wallets, while Ethereum plans to achieve this through smart contracts. Both technologies aim to enable multi-signature wallet functionality without altering the original protocols.
A.ECDSA Multi-Signature
In Bitcoin, P2SH is a unique address type that allows users to transact to a script hash address instead of a specific public key address. This script, often called a redemption script, determines how to spend the Bitcoins sent to this address. In multi-signature wallet scenarios, the redemption script can be set to require multiple signatures for unlocking. This is how ECDSA-based multi-signature wallets are realized.
In Ethereum, smart contracts are automatically executed programs running on the Ethereum Virtual Machine (EVM). They can be programmed to define and execute various complex rules. In ECDSA-based multi-signature wallet scenarios, smart contracts can be programmed to require multiple signatures for transaction execution. These signatures can originate from different private keys belonging to various participants. In such cases, the smart contract code defines the number of signatures required to approve the transaction and who the authorized signatories are. When a transaction needs execution, all signatories must sign it. These signatures are then submitted to the smart contract, which verifies their compliance with the defined rules. The smart contract only executes the transaction when all necessary signatures are provided and validated.
B.Schnorr Multi-Signature
The Schnorr signature algorithm’s primary advantage is supporting signature aggregation, improving efficiency and privacy while maintaining high security.
Bitcoin’s Taproot upgrade, which involved modifying the Bitcoin protocol to support Schnorr signatures, was activated in 2021 as one of the most significant protocol upgrades in Bitcoin’s history. Introducing Schnorr signatures, a more efficient and secure signing algorithm than Bitcoin’s original ECDSA signatures, Taproot offered signature aggregation as a key benefit. This feature is particularly useful in multi-signature wallets and also enhances privacy and scalability.
Ethereum does not support Schnorr signatures, mainly because Ethereum’s design and objectives differ from Bitcoin’s. As a general-purpose, programmable blockchain platform supporting smart contracts and complex applications, Ethereum’s focus is on flexibility and functionality rather than solely transaction efficiency and security. Moreover, Ethereum already has a mature cryptographic and signing mechanism based on ECDSA signatures. Introducing a new signing algorithm would necessitate extensive modifications to Ethereum’s underlying protocol, entailing significant work and potential new security risks. Thus, despite Schnorr signatures’ advantages, Ethereum has no current plans to support them.
C.BLS Multi-Signatures
BLS (Boneh-Lynn-Shacham) is a signature algorithm, with its main advantage being the ability to achieve compact, non-interactive multi-signatures. However, despite the benefits of BLS signatures, they are not currently supported by Bitcoin or Ethereum 1.0.
In Bitcoin, its underlying cryptographic library utilizes the ECDSA signature algorithm, an elliptic curve cryptography-based signature algorithm. To implement BLS signatures in Bitcoin, significant modifications to its underlying cryptographic library would be necessary to support the pairing-friendly elliptic curves required by BLS signatures. This would entail considerable work and could introduce new security risks.
Similarly, Ethereum 1.0 uses the ECDSA signature algorithm. Although Ethereum is a generic, programmable blockchain platform that supports smart contracts and complex applications, the implementation of BLS signatures on Ethereum 1.0 would also require substantial alterations to its underlying cryptographic library. This would likewise necessitate considerable effort and could lead to new security risks. Therefore, Ethereum 1.0 does not currently have plans to support BLS signatures.
However, Ethereum 2.0 does support BLS signatures. This is because one of the design goals of Ethereum 2.0 is to enhance scalability and efficiency, and the signature aggregation feature of BLS signatures can aid in achieving this goal. In Ethereum 2.0, validators need to sign each new block. If traditional signature algorithms were used, each signature would have to be verified individually, consuming significant computational resources. With BLS signatures, all signatures can be aggregated into a single signature and verified in one step, greatly improving efficiency. Thus, Ethereum 2.0 has selected BLS signatures as its core signature algorithm.
IV.Threshold Wallets Threshold wallets are multi-signature wallets that rely on Secure Multiparty Computation (SMPC) algorithms. In these wallets, the signing process happens off-chain, and only the final signature is published on-chain. A characteristic of threshold wallets is that they can complete a signature with only a specific number of private keys, without requiring all private keys.
Threshold wallets are mainly divided into two types: one is threshold wallets that adopt Shamir’s Secret Sharing (SSS) or Verifiable Secret Sharing (VSS) algorithms, and the other is Distributed Key Generation (DKG) threshold wallets. Their main difference is that the former generates a complete private key and then creates private key shards, while the latter directly generates private key shards without a complete private key.
A.Shamir’s Secret Sharing (SSS)
Shamir’s Secret Sharing was first proposed by the famous Israeli cryptographer Adi Shamir in 1979. It allows information to be broken down into multiple shares, and only a portion of those shares is required to reconstruct the original secret (private key). SSS is a fundamental secret sharing scheme that permits a secret to be securely divided and shared without any centralized trust entity.
In practical applications within multi-signature wallets, SSS can divide a private key into multiple parts, with each participant holding a piece. The complete private key can only be recovered when enough private key shards are collected. However, SSS itself does not provide any verification mechanism, meaning that if a malicious participant provides an incorrect secret share, the error may only be discovered when reconstructing the secret.
B.Verifiable Secret Sharing (VSS)
The concept of Verifiable Secret Sharing was first introduced in 1985 by Benny Chor, Shafi Goldwasser, Silvio Micali, and Baruch Awerbuch. In VSS schemes, each participant can verify whether the secret shard they received is correct after receiving it. This verification step ensures that even if a malicious participant provides an incorrect secret shard, it won’t affect the recovery of the secret.
In practical applications within multi-signature wallets, VSS can not only split private keys but also verify the correctness of the private key shards. VSS generates verification information alongside the private key shards to validate their correctness. Thus, even if someone attempts to forge a private key shard, it can be immediately detected.
C.Distributed Key Generation (DKG)
Distributed Key Generation protocol was first outlined in 1991 by Torben Pedersen, relying on the security of verifiable secret sharing in the Joint-Feldman Protocol. DKG is a more complex protocol that allows a group of participants to jointly generate a public key and a set of private key shards without any participant knowing the complete private key.
DKG’s algorithm logic is that each participant generates a polynomial and distributes its value (i.e., private key shards) to all other participants. Based on polynomial interpolation principles, each participant receives a private key shard, and these shards can be used to compute the public key.
In DKG, the complete private key is never actually generated. Each participant only has part of the private key information, computed through polynomial interpolation, and no one knows what the complete private key is. During the signing process, each participant with a private key shard will sign the transaction, creating a signature shard. Then, these signature shards are collected and combined in some way (such as Lagrange interpolation) into the final signature. This signature can be verified with the public key, and it is functionally equivalent to a signature generated with the complete private key.
V.Comparison Between Threshold Wallets and Multi-Signature Wallets Threshold wallets and multi-signature wallets are both designed to enhance asset security, requiring multiple signatures to complete a transaction. Their main difference lies in that the signing process of a threshold wallet happens off-chain, whereas every signature in a multi-signature wallet is published on-chain. This means that transactions in threshold wallets are more private, as only the final signature is made public, while in multi-signature wallets, every signature is recorded on the blockchain, potentially exposing additional information. The choice between these types of wallets depends on users’ specific needs and considerations for privacy and security.
In simpler terms, multi-signature wallets are more like a safe with multiple locks, each lock (public-private key pair) requiring a separate key (private key) to open. The safe (Bitcoin script or smart contract) has a unique address (Bitcoin script address or smart contract address), and each transaction requires multiple keys (multiple private keys) to open the safe (complete the transaction).
In contrast, a threshold wallet is like a safe with only one lock (public key), but the key to this lock (private key) has been shattered (divided into private key shards) and distributed among multiple owners of the safe. Each transaction requires only a certain number of key fragments (private key shards) to open the safe (complete the transaction). This way, even if someone obtains part of the key fragments (private key shards), they cannot open the safe (complete the transaction), thus significantly enhancing asset security.
VI.Conclusion Choosing the right asset management tool requires consideration of factors such as security, ease of use, and cost. Single-signature wallets suit individual users, offering simple operation but relatively lower security. Multi-signature and threshold wallets suit scenarios requiring joint control over funds, such as companies and DAOs, providing higher security but with relatively more complex operations and higher costs.
In this context, the emergence of Cregis undoubtedly provides users with a new option. Cregis is a meticulously designed digital asset self-custody platform that leverages cutting-edge cryptographic technology. Through the use of MPC (Multi-Party Computation) encrypted sharding technology and secure TEE (Trusted Execution Environment) computations, Cregis ensures that the original private key is never exposed during transaction signing, providing robust protection for asset security. Additionally, Cregis offers process-driven, intelligent asset management tools to help users and teams manage assets efficiently and securely.
Cregis’s products already cover multiple platforms, including macOS, Windows, iOS, and Android. Whether you are an individual or a corporate user, you can easily find a solution tailored to your needs. Cregis’s goal is to help users enhance asset circulation efficiency and reduce asset management costs while ensuring asset security.
Whether you are an individual user or a corporate user, regardless of your need for a single-signature wallet, multi-signature wallet, or threshold wallet, Cregis can provide you with top-notch service. If you’re looking for a safe, efficient, and user-friendly asset management tool, then Cregis is undoubtedly your best choice.
