NEW YORK (InsideBitcoins) — On day two of the 2015 MIT Bitcoin Expo, Arvind Narayanan of Princeton University gave a presentation on threshold signatures and why they’re an important advancement in bitcoin security. Narayanan was one of the seven researchers behind a new paper on the concept. During his opening remarks, he stated, “My goal today is very simple. I want to tell you what threshold signatures are, and I want to convince you . . . that if you’re serious about bitcoin security [and] you want to protect your wallet, this is a technology that you need.”

Narayanan went on to note that there are a few issues regarding privacy and anonymity with multisig addresses. While he believes multisig should be used for securing bitcoins right now, Narayanan believes that threshold signatures can provide more secure storage options for bitcoin users.

What’s wrong with multisig?

When speaking specifically about multisig, Narayanan started out by saying, “I think it’s a great solution. I think you should use it.” However, it soon became clear that the Princeton professor saw plenty of room for improvement. Narayanan explained the two main issues with multisig addresses during his talk:

  1. Multisig puts your security solution on the blockchain for everyone to see. For example, if you’re storing company funds in a multisig address and a new employee joins the company, you’ll have to move the funds to a new multisig address with one more party added to the mix. Narayanan described how this could be a serious issue in a situation where one of the n keys was compromised by malware. In such a scenario, the victims would move their funds to a new multisig address, which would let the attacker know that their original method of attack on one of the keys was successful. Narayanan described this as a “[public] badge of shame for any negative events that might affect your security.”
  2. According to Narayanan, “Multisig kind of ruins anonymity.” Multisig potentially creates issues when it comes to change addresses and CoinJoin transactions. In theory, it’s supposed to be difficult to track bitcoins throughout the blockchain because each transaction is split between the recipient and the sender’s change address. Anyone watching a transaction may not know which bitcoins have been sent to someone else and which bitcoins were returned to the sender. When it comes to CoinJoin transactions, users can be much more easily tracked based on the specific m-of-n structure of their bitcoin address or the fact that they’re using multisig at all.
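To make the first point concrete, here is an added example (not from the talk or the paper) that recovers the m-of-n policy from a standard multisig script, which is published on the blockchain when the funds are spent. The keys are constructed dummy bytes and the helper names are hypothetical.

```python
# Added illustration: read the signing policy out of a standard multisig script.
# Layout: OP_m <push pubkey>... OP_n OP_CHECKMULTISIG
OP_1, OP_16, OP_CHECKMULTISIG = 0x51, 0x60, 0xAE

def parse_multisig_policy(script: bytes):
    """Return (m, n) if `script` is a standard m-of-n multisig script, else None."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        return None
    m_op, n_op = script[0], script[-2]
    if not (OP_1 <= m_op <= OP_16 and OP_1 <= n_op <= OP_16):
        return None
    m, n = m_op - OP_1 + 1, n_op - OP_1 + 1
    pos, end, keys = 1, len(script) - 2, 0
    while pos < end:
        push_len = script[pos]
        if push_len not in (33, 65):  # compressed or uncompressed public key
            return None
        pos += 1 + push_len
        keys += 1
    if pos != end or keys != n or m > n:  # truncated or inconsistent script
        return None
    return m, n

def build_multisig_script(m: int, pubkeys: list) -> bytes:
    """Assemble a multisig script from raw key bytes (test fixture helper)."""
    body = b"".join(bytes([len(k)]) + k for k in pubkeys)
    return bytes([OP_1 + m - 1]) + body + bytes([OP_1 + len(pubkeys) - 1, OP_CHECKMULTISIG])

def dummy_key(i: int) -> bytes:
    """Constructed 33-byte placeholder, not a valid curve point."""
    return b"\x02" + bytes([i]) * 32

# Constructed samples: a 2-of-3 wallet, the same wallet after adding a key
# holder, and an ordinary single-key (pay-to-pubkey-hash) script.
BEFORE = build_multisig_script(2, [dummy_key(i) for i in range(3)])
AFTER = build_multisig_script(2, [dummy_key(i) for i in range(4)])
SINGLE_KEY = bytes([0x76, 0xA9, 0x14]) + b"\x00" * 20 + bytes([0x88, 0xAC])

if __name__ == "__main__":
    for label, script in [("before", BEFORE), ("after", AFTER), ("single key", SINGLE_KEY)]:
        print(label, parse_multisig_policy(script))
```

The change from 2-of-3 to 2-of-4 is readable by any observer, while the single-key script carries no policy at all.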

How are threshold signatures any better?

Although he later went into more detail about how the math behind threshold signatures works, Narayanan was also able to explain the advantages of threshold signatures over multisig addresses in a rather concise manner:

“Threshold signatures do what you would intuitively expect [multisig addresses] to do, which is allow you to take any key — and they allow you to split it. And you can manage those different shares of the key . . . in whatever fashion you like. You don’t have to advertise that to the world. And that’s the key difference, and that’s where all the advantages come from.”

Narayanan then pointed out that threshold signatures are not limited to a simple m-of-n design. You could have different priority levels for different key shares. For example, a company could require a certain number of employees to sign off on a transaction, but they may also require an additional signature from at least one individual in a management position.

Prototype already available

Although there is still work to be done on this new method of splitting the security of a bitcoin wallet across multiple users or devices, the researchers behind the concept have produced a prototype that allows the user to split their key between their computer and their phone. The prototype is based on MultiBit, and a walkthrough video has been made available to the public.

