其他区块链技术通常是由第三方提供多重签名服务,但在Wisdom Chain上则是将其作为一个标准功能。这对于想要实现多重签名功能的自动化编程者而言,也意味着用户能够通过接口就可以实现多重签名功能。


Aggregate Signature of Wisdom Chain Document Knowledge Base

This article comes from the official Twitter of Wisdom ChainURL:https://twitter.com/Wisdom_Chain/status/1297831751809720322?s=20

What is aggregate signature

Aggregate signature is a kind of signature aggregation of key generated by each party using Schnorr Signature (a digital signature scheme, known for its simplicity and efficiency, and its security is based on the intractability of some discrete logarithm problems. Next, we will talk about Schnorr Signature). It can merge the public key and signature of each participant in a multi signature transaction into one public key and signature It is invisible, and the information before merging cannot be deduced from the public key and signature after merging, and only one verification is needed during verification. At present, Mimblewimble has used Schnorr signature algorithm to implement signature aggregation.

In the case of multi signature with ECDSA, if there are N private keys signed, the N signatures need to be verified respectively. Because of the linear characteristic of Schnorr Signature Algorithm, in the same case, the signatures of N private keys can be \”aggregated\” into one signature. The principle is as follows:

Because the points on the elliptic curve can satisfy the multiplicative combination law, for the two points X, Y and corresponding scalar (private key) x, y and the origin G on the elliptic curve,then:

For ECDSA signature algorithm, n modulus and 2 * n dot multiplication operations are needed to verify n signatures. For Schnorr Signature, we can add the verification equation:

At this time, we need to do 2n addition operation and n+1 point multiplication operation to verify the multi signatures generated by the Schnorr signature algorithm. Because the resource consumption of addition operation is very low, the resource consumption of the two multi sign verification methods can be approximately compared as follows: ECDSA is one time modulus plus two dot multiplication, Schnorr is the resource consumption of one point multiplication. The obvious conclusion is that the Schnorr Signature Algorithm consumes less resources.

For the above multi signature cases, using Schnorr Signature Algorithm to aggregate signature can provide the following additional benefits:

Performance: it can greatly reduce the cost of verifying signatures. The advantage of Schonrr signature algorithm is obviously. For a multi signer transaction, it needs to be verified many times, and aggregated signature needs to be verified only once, thus enhancing the speed of node verification.

Transaction volume: by aggregating multiple signatures into one signature, the size of multi signature can be greatly reduced, and the bandwidth consumption for network transmission and the occupation of storage space of nodes can be significantly reduced.

Privacy: using Schnorr aggregate signature can improve the privacy of data on the chain. For the verifier, the aggregate signature does not seem to be different from the ordinary Schnorr Signature. It is impossible to distinguish whether the transaction is an ordinary transaction or a multi signature transaction, and the public key and signature of the users participating in the transaction will not be exposed.

When creating a multi signature scheme based on Schnorr aggregate signature, in order to ensure that the multi signature signature looks like a single key signature, make the traditional verification method effective, and ensure that the whole process only needs linear sub signature aggregation, the scheme needs to meet the following characteristics:

It is proved to be secure in the common public key model

The Schnorr equation is satisfied, so the signature can be written as a function of public key combination

Allow interactive aggregate signature (IAS)

Allow non interactive aggregate signatures (NAS), where aggregation can be done by anyone

Allow each signer to sign the same message

Allow each signer to sign his or her own message.

At present, there are many implementations of aggregate signature scheme based on Schnorr, and the final scheme given by Blockstream is MuSig. The differences of implementation modes and the specific principle of MuSig can be referred to [8] [9].

Use of aggregate signature

In the privacy protection of wisdomchain\’s latest white paper, we see the use of aggregate signatures.

Through aggregate signature, atomic exchange can be realized safely and simply. The essence of aggregate signature is a signature offset. Once combined with the real signature, the private key used in the signature can be calculated. The credibility of aggregate signature can be verified without exposing any information at the same time. Aggregate signature can ensure the atomicity of atomic exchange and the security of both parties.

Suppose that the concise process of atomic exchange between A and B through aggregate signature is as follows:

A and B store the cryptocurrency in two respective signed addresses.

The private key used by A will be one-time, because she needs to send the private key to B.

A provides B with an aggregate signature, which needs to be confirmed by B.

When A broadcasts her signature to prove her encrypted currency, B can get enough information to calculate A\’s private key and get her encrypted currency.

B signs a transaction and sends cryptocurrency to A.

A uses the other half of the private key to sign and broadcast the transaction receiving cryptocurrency.

B gets all the private keys and receives the cryptocurrency held by A. at the same time, A also gets the currency of B.


Wisdom Chain多重签名

Wisdom Chain的多重签名功能是一个独立的功能,它与其他区块链技术不同。在交易广播到区块链之前,不需要依靠中央集权型的应用进行签名编译。所有的过程都是在区块链上完成的,因此不用担心所有的应用或者账号能否在中央集权型的应用服务器上运作,就可以完成签名。在这个功能上不存在任何故障点,这也正是Wisdom Chain的独特之处,是非常强大的特征。

在Wisdom Chain上,支持的模式是MN,这意味着一个规则最多可以有M个签名,但是同时可以有N个签名时可以对其进行签名(请注意,N必须小于或等于M)。


