Schnorr Signature Experimentation in CodeChain

The Schnorr signature is an elliptic curve digital signature, which emerged as an alternative to ECDSA, and is also implemented in CodeChain. You can find more information about this in Bitcoin’s Schnorr BIP, and there are several articles that explain the concept and applications of the Schnorr signature(link1, link2), so be sure to check those out.

Firstly, the four major advantages of the Schnorr signature are as follows:

1. Schnorr signatures are easier to operate and slightly faster than ECDSA. ECDSA has heavy operations such as modular inverse and point multiplication in computation, while the Schnorr signature has relatively few operations that are heavy relative to ECDSA.
2. Schnorr signatures have a smaller signature size compared to ECDSA. ECDSA signatures include a recovery parameter to support public key recovery. Schnorr signatures with implicit Y coordinate allow public key recovery without recovery parameters.
3. Batch validation, which is verifying signatures in one block simultaneously, can be performed with the Schnorr signature. This is due to the linearity of Schnorr signatures, making the addition of multiple verification equations permissible without problems. In this manner, verifying all the signatures at once can reduce the number of point multiplications.
4. The introduction of Schnorr signatures reduces the size of multisignatures. Most blockchains store their signatures one by one when several people join a multisig. This processes the signature signing faster, however, the verification is slow and the size of the signatures increase linearly with the number of participants. If you use Schnorr signatures, you can use multiple multisignature schemes with constant signature sizes. The representative scheme is MuSig.

Schnorr signature implementation on CodeChain

CodeChain uses the Schnorr signature code that was experimentally implemented in Bitcoin’s libsecp256k1. In order to actually use it with Rust, we use a Rust wrapper called rust-secp256k1.

We provide a simple implementation of the Schnorr signature in CodeChain’s JavaScript Primitives, and based on this, we have created the Schnorr version of the JavaScript SDK and Keystore. The Schnorr version of CodeChain and SDK have been tested to pass all of the existing tests when moved from ECDSA to Schnorr without any changes to existing code.

Please refer to the schnorr branch of each repository to check the points mentioned above:

• CodeChain schnorr branch
• Primitives
• SDK schnorr branch
• Keystore schnorr branch

CodeChain’s multisignature based on Schnorr signature

As mentioned earlier, MuSig has an m-of-m multisignature scheme, which has the advantage of not requiring a separate implementation for signature verification and can be verified in the same manner as verifying a single signature. Since using MuSig is possible from the time the Schnorr signature is entered, CodeChain will support MuSig signature signing via the JavaScript SDK and RPC.

In addition, CodeChain will utilize Tree signatures that use MuSig in order to support m-of-n threshold signatures. Tree signatures can be created with only the lock script, and does not need additional implementation. They also have the advantage of having faster verification. For CodeChain, the Tree signature’s lock scripts are being included as standard scripts, and the signature signing will be supported by the SDK and RPC, just like MuSig.