Bitcoin’s P2SH multi-signature and Ethereum’s contract multi-signature are still the mainstream of the market.
Original title: “Nine years of multi-signature development, will threshold signature technology be the future?” 》
Written by: Tan Guopeng, founder of Ownbit
In 2011, BIP0011 introduced multi-signature to Bitcoin. Since then, multi-signature has been one of the core functions of Bitcoin and has been moving forward.
MN standard transaction
The BIP proposed to treat MN transactions as a new “standard transaction.”
BIP0011, 2011-10-18
BIP0011 proposes the MN transaction as a new “standard transaction” (standard transaction is a term in Bitcoin and is relatively non-standard transaction). In order to achieve a soft fork upgrade, Bitcoin invented standard transactions and non-standard transactions. Nodes have different verification rigor and acceptance for different types of transactions, so as to accommodate transactions that may not be recognized in the future (non-standard transactions).
Upgrading the MN transaction type to a standard transaction means that the Bitcoin network officially has the ability to multi-signature. The specific way to implement MN multi-signature is to introduce the new OP_CHECKMULTISIG operator. For example, the scriptPubKey of a standard MN multi-signature transaction is written as:
m {pubkey}...{pubkey} n OP_CHECKMULTISIG
The MN standard transaction is a multi-signature version 1.0, which is also called: P2MS (Pay to Multisig Script).
On January 30, 2012, the first multi-signature transaction in the history of Bitcoin development was broadcast to the network. It was a 1-2 multi-signature with a sending amount of 0.01 BTC.
60a20bd93aa49ab4b28d514ec10b06e1829ce6818ec06cd3aabd013ebcdc4bb1
P2SH multi-signature
Then, in January 2012, P2SH (Pay to Script Hash) was introduced to Bitcoin through BIP0016. P2SH corresponds to P2PKH (Pay to Public Key Hash). P2PKH is the address starting with 1, and P2SH is the address starting with 3. The role of P2SH is to allow Bitcoin to have the function of custom contracts.
P2SH allows simple logic control (such as if…else…), and allows any logical combination within the operator (OP_CODE) list. P2SH is the earliest smart contract (not Turing complete, and its flexibility is greatly reduced compared to the later Ethereum smart contract). P2SH also brings better privacy to the Bitcoin network.
P2SH can include any logic, naturally including multisignature logic (that is, m {pubkey}…{pubkey} n OP_CHECKMULTISIG mentioned above), so P2SH-MultiSig was produced. The multi-signature address for P2SH packages is the same as other P2SH addresses, starting with 3. The logic of spending P2SH-MultiSig Output is the same as the logic of spending ordinary P2SH Output, providing the original script that has the same hash value and can be executed. Take 2-3 multi-sign as an example, the original script is:
<OP_2> <A pubkey> <B pubkey> <C pubkey> <OP_3> <OP_CHECKMULTISIG>
The Output sent to the P2SH multi-signature address is much smaller than that of P2MS. Here is an example:
60a20bd93aa49ab4b28d514ec10b06e1829ce6818ec06cd3aabd013ebcdc4bb1
Compared with P2MS, P2SH has obvious advantages of multi-signature. There are two main ones :
- The transaction output (Output) is much smaller, so the transaction becomes smaller, and the required miner fee is also reduced;
- The privacy is stronger, and it is impossible to judge whether the recipient is a multi-signature address from the transaction output alone.
When spending P2SH multi-signature Output, we only need to provide the corresponding signature (for example, 2-3 multi-signature, two parties need to provide their own signatures) to assemble, and provide the corresponding multi-signature original script (with 2-3 multi-signature As an example, it is the public key Pubkey of the three parties), as shown in the following figure:
Among them, sig A and sig C are two-party signatures, and redeemScript is a multi-signature source script
Ethereum multi-signature
In July 2015, the Ethereum mainnet went live. Compared with Bitcoin, Ethereum implements a Turing-complete smart contract, so Ethereum does not need to define the OP_CHECKMULTISIG operator, nor does it need to define the P2SH transaction output, etc. Ethereum can use contract accounts to complete multi-signature and more complex logic functions.
Therefore, on Ethereum, the multi-signature function is generally achieved by deploying a multi-signature contract and obtaining a multi-signature address. Transfer to a multi-signature account is to transfer money to the contract address, and spending the multi-signature balance is to make a contract call to the multi-signature contract. For example, the following is the contract source code of the Ownbit multi-signature wallet. In the source code, the approval or rejection of the multi-signature asset cost is determined by checking whether the calling parameters are valid participant signatures.
https://cn.etherscan.com/address/0xDa06a25Fa725B22Ea40546Be031A46dB6B5bbb18#contracts
Threshold signature
With the development of technology, in the past two years, Threshold Signature has become more and more popular. Threshold signature is a distributed key generation and signature scheme.
The multi-signature technologies mentioned above all act on the blockchain transaction layer (or logic layer, which implements multi-signature logic through code), and the threshold signature acts on the cryptographic layer (private key generation and signature scheme). Therefore, a threshold signature scheme is applicable to multiple coins of the same cryptography (for example, Bitcoin and Ethereum belong to ECDSA-Secp256k1, while Tezos and Stellar belong to EdDSA-Curve25519).
The traditional public and private key generation method is: random number -> private key -> public key -> address. The whole process is on one device and can be done offline. The threshold signature is first defined: mn, that is, the private key is generated by the n party, and the m party can participate in the signature calculation. When generating the private key and the signature, the related parties must be online at the same time, and they must be collaboratively generated. This calculation participatory and maintain their private key secret segment is also known as collaborative: multiparty computation (Multi-party computation).
Threshold signatures bring the following natural advantages:
- Naturally supports MN multi-signature;
- From the perspective of the blockchain transaction layer, there is no difference between a transaction using a threshold signature and a non-multi-signature transaction using a common private key signature. The resulting benefits are: strong privacy, small transactions, and cheap miners’ fees ;
For Bitcoin, the main benefits of threshold signatures are small transaction size, cheap miner fees, and strong privacy. For Ethereum, threshold signatures can bring more benefits. Using threshold signatures, Ethereum can achieve multi-signature at the private key level without the need to deploy multi-signature contracts. In this way, the multi-signature address will be more flexible. You can participate in DeFi applications, DApp signatures, etc. without special modification. (If you want to participate in the DeFi application for the multi-signature address of the contract version, you need to write the contract and use the native method to develop targeted contract calls. Quite troublesome).
Although the threshold signature has the advantages mentioned above, it also has obvious shortcomings . One of the disadvantages is that it makes the process of generating and signing a private key very complicated. It requires participants to collaborate online at the same time . This means that when a transaction is sent, if one party cannot be online in time, it cannot be completed.
Another disadvantage is that the private key generation of the threshold signature cannot be used to generate the private key quickly and hierarchically through xpriv like a normal HD wallet. For Bitcoin, which requires a large number of addresses (change addresses) to be generated, it is slightly troublesome.
The exploration of threshold signature technology on the personal wallet side has just begun. The one that stands out here is the ZenGo wallet. The essence of ZenGo wallet is a 2-2 threshold multi-signature wallet between the user and ZenGo server. Its advantages and disadvantages are very prominent. The advantage is that it can reduce the pressure of the user to keep the mnemonic (or private key) (ZenGo encrypts the private key of the iOS user and stores it on iCloud, because it is still safe to crack the asset here), and can realize an encrypted wallet without mnemonic words , Biological recovery and so on. The disadvantage is that the user cannot fully control the asset, nor can it be restored elsewhere (the security and availability of the user’s asset depends on the ZenGo server).
The above is only the threshold signature technology to realize the function of ordinary wallet (non-multi-signature). For personal multi-signature wallets, there are more difficult thresholds to be solved. For example, how to achieve direct connection between ordinary user wallets (although the p2p technology is relatively mature, this still greatly increases the complexity of the wallet). Because of these shortcomings, the threshold signature wallet has not yet played a significant role in the personal user side. Currently, threshold signatures are generally applied at the enterprise level. For example: multi-signature asset management in the back office of the exchange.
Conclusion
Bitcoin’s P2SH multi-signature and Ethereum’s contract multi-signature are still the mainstream of the market. Threshold signature technology is a very cutting-edge new technology. Its advantages are very prominent, and its disadvantages are also quite obvious. It is an innovation at the level of cryptography, but it is not a solution that completely replaces traditional multi-signature technology.
In certain fields (for example, enterprise level), participants can be deployed online at the same time as servers, and the advantages of using threshold signatures outweigh the disadvantages. For ordinary users’ wallet products, the multi-signature solution needs to consider the user’s ease of use. P2SH multi-signature and Ethereum contract multi-signature are still more suitable choices!
Source link: mp.weixin.qq.com
