Threshold Ed25519 — It’s Just Magical And Fit For A More Resilient and Trusted World
Well, Satoshi selected ECDSA for his cryptocurrency, and it has worked well. There were a few little problems along the way, such as in not selecting a random nonce value, and also in repeating a nonce. But overall it has proven to be a good selection. But, is it the future of digital signatures? Well, it’s not going to go away, but there’s an even better signature method: Ed25519. If there is no need to keep compatibility with Bitcoin and Ethereum, Ed25519 is an excellent selection. In fact, IOTA selected it for their signing infrastructure, and many distributed applications are now moving away from ECDSA and moving towards Ed25519.
The key to the success of Ed25519 is the usage of the Schnorr signature scheme, and where we can basically aggregate public keys into a single signing key. A basic adding operation is all that is required.
But, Ed25519 also has a magical secret … it allows a private key to be split into shares using a threshold policy, and then for each party to sign for a transaction using their secret share. It is magical! Basically, we could create a key pair on a computer, and then split the private key into a number of shares and distribute it onto trusted nodes. When required to sign a transaction, each node can then sign with their part of the private key…
