Adding Threshold Signature Scheme (TSS) to Tezos

Tal Be'ery
Jun 20 · 6 min read
A Tezos Transaction (source)
With TSS there is no private key

Threshold Signatures Scheme (TSS)

Threshold Signatures Scheme (TSS) removes the burden of the single atomic private key and splits the responsibility between multiple parties.

Two party EdDSA key generation and signing (source)

Why Tezos?

At KZen, we have already implemented Threshold Signatures Scheme (TSS) support for Bitcoin, Ethereum, Binance, and Zilliqa and we wanted to experiment with other coins.

  • Economic novelty: Tezos users are rewarded for actively participating in the consensus (“staking”) and thus, help to secure the network. Making money is always a welcomed feature for users.
  • Technical maturity: To implement a TSS wallet with a blockchain, we need a mature enough developer environment. Tezos network had all the required ingredients in its testnet:
  • A faucet so we could test everything without risking real money
  • A blockchain explorer so that we could confirm that our transactions were successfully recorded on the blockchain
  • Access to the testnet which was provided via API and an Open source SDK which was far more comfortable than setting up a full node)
  • Technical novelty: Our previous experiments of TSS with actual coins were limited to ECDSA and Schnorr signatures. This is the first time we (or anyone else, to the best of our knowledge) has implemented TSS for an EdDSA signatures-based coin.

TSS is needed even if Tezos Supports MultiSig

It’s worth noting that even though Tezos supports smart contracts which allow users to add multi-signature security, there are still distinct advantages to using TSS. One main advantage is that TSS transactions look exactly the same as regular transactions. Unlike with MultiSig transactions, the TSS “magic” is applied in the mathematical layer and not in the application layer.

  • The control mechanism is not exposed to the world: With TSS, the signing parties are never exposed and therefore, adversaries cannot learn about the various parties or their control structure, nor can they monitor changes to them.
  • Comprehensive control mechanisms: Using TSS, the user can create all kinds of comprehensive arbitrary control mechanisms (e.g. combine a few parties from one group and a few parties from another group).

The Proof of Concept

Tezos’ blockchain network is innovative, introducing concepts such as staking and baking to support Proof-of-Stake consensus. However, because TSS is blockchain agnostic, it is able to easily integrate with this unique architecture. This compatibility is what allowed us to complete this PoC in one day with no need for “integration” on the Tezos side.

Creating a normal transaction on Tezos (source)
Generating an address from a public key

Conclusions

We plan to refactor the code to interact directly with our TSS setup and release it as an open source project soon. We will include an interface to relevant features such as Origination and Delegation messages to support with the staking process.


ZenGo

A new crypto wallet. Simply Secure. by KZen

Tal Be'ery

Written by

All things CyberSecurity. Security Research Manager. Co-Founder @ZenGo (KZen). Formerly, VP of Research @ Aorato acquired by @Microsoft ( MicrosoftATA)

ZenGo

ZenGo

A new crypto wallet. Simply Secure. by KZen