accountless.eth
@accountless.eth
1 reply
0 recast
3 reactions
Cassie Heart
@cassie
Plain SSS is a trusted dealer protocol. There's other MPC based enhancements to it, like Feldman Verifiable Secret Sharing, which requires each participant that will hold a keyshare be involved at the time of key generation. This is important for creating additive based keyshares (protocols like GG20, CCGMP, Lin17 come to mind). Some protocols utilize multiplicative shares, which reduces the complexity of two party key generation to simple Diffie Hellman assumptions, and then has a multiplicative gadget used for the signature operations in a way to mask the k value (if ECDSA) so a party can't cheat and recover the key. DKLs18 is an example of this. DKLs19 is an interesting hybrid — it utilizes FVSS to produce keyshares, then has a gadget to convert from share types while performing the subprotocol from DKLs18 (with some adjustments) to thresholdize it. For mobile phones, if you want 2PC ECDSA, DKLs18 is the winner (though note that straight from the paper implementations will have a flaw). If you want...
2 replies
1 recast
1 reaction
Cassie Heart
@cassie
threshold MPC for mobile phones and you want it to be fast, DKLs19 is the answer. The tradeoff that is important to know is that multiplicative based protocols use more bandwidth at signing time at the expense of less compute. (Though for ECDSA the consumption is negligible compared to most mobile apps)
1 reply
0 recast
1 reaction
Cassie Heart
@cassie
And not to overload with more protocol names, but DKLs19 has been superseded with DKLs24, but has tradeoffs as well with respect to bandwidth and compute.
0 reply
0 recast
1 reaction