
Threshold ECDSA Using GG20


The thing I love about research is that moment you find a new paper, and it changes your viewpoint on things. And so this is the paper I’ve been reading, and it has given me so many ideas in creating distributed environments for multiparty computation [here]:

The focus of the paper is to create an ECDSA signature using secret shares of a private key. In this way, we can create an ECDSA signature from multiple Shamir shares, where the private key is never actually revealed but is split over two or more parties.

So, let’s use the Coinbase Kryptology library to implement a 2-from-2 threshold ECDSA scheme using GG20 (Gennaro and Goldfeder, 2020). Initially, we will use the secp256k1 curve and then generate a new private key (ikm):

k256 := btcec.S256()
ikm, _ := dealer.NewSecret(k256)

This private key will not be stored by the parties that receive the shares, and it can be deleted after the shares have been distributed. We can then generate the associated public key (pk) and split the key into a number of shares (sharesMap), with tshare as the threshold and nshare as the total number of shares:

pk, sharesMap, _ := dealer.NewDealerShares(k256, tshare, nshare, ikm)
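
The share arithmetic behind a dealer split, as an added example (not code from this article or from the Kryptology library): Shamir sharing of a scalar modulo the secp256k1 group order, using only Go's standard library. The helpers split and combine are hypothetical names, the secret is a constructed value, and the code goes beyond the 2-from-2 case by accepting any threshold t out of total shares.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// n is the order of the secp256k1 group; key shares are scalars modulo n.
var n, _ = new(big.Int).SetString("FFFFFFFF"+"FFFFFFFF"+"FFFFFFFF"+"FFFFFFFE"+"BAAEDCE6"+"AF48A03B"+"BFD25E8C"+"D0364141", 16)

// split picks a random degree t-1 polynomial f with f(0) = secret; share x is f(x) mod n.
func split(secret *big.Int, t, total int64) map[int64]*big.Int {
	coeffs := []*big.Int{secret}
	for i := int64(1); i < t; i++ {
		c, err := rand.Int(rand.Reader, n)
		if err != nil {
			panic(err)
		}
		coeffs = append(coeffs, c)
	}
	shares := make(map[int64]*big.Int)
	for x := int64(1); x <= total; x++ {
		y := new(big.Int)
		for i := len(coeffs) - 1; i >= 0; i-- { // Horner evaluation of f(x)
			y.Mul(y, big.NewInt(x)).Add(y, coeffs[i]).Mod(y, n)
		}
		shares[x] = y
	}
	return shares
}

// combine recovers f(0) by Lagrange interpolation at x = 0 over the given shares.
func combine(shares map[int64]*big.Int) *big.Int {
	sum := new(big.Int)
	for xi, yi := range shares {
		num, den := big.NewInt(1), big.NewInt(1)
		for xj := range shares {
			if xj != xi {
				num.Mul(num, big.NewInt(-xj)).Mod(num, n)
				den.Mul(den, big.NewInt(xi-xj)).Mod(den, n)
			}
		}
		sum.Add(sum, num.Mul(num, yi).Mul(num, den.ModInverse(den, n))).Mod(sum, n) // += y_i * l_i(0)
	}
	return sum
}

func main() {
	fmt.Println(combine(split(big.NewInt(1234567), 2, 2))) // constructed secret; prints 1234567
}
```

In a threshold signing protocol the parties never call anything like combine on the key itself; it is included only to show that t shares determine the secret while fewer do not.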


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
