We are trying to use the Dfinity IC repo to create a reality where several people could be involved as individual signers in an ECDSA threshold scheme.
This scenario is one that can take place entirely offline, does not require timeliness, and would not require fixing bad shares. It is quite simply a means for individuals to participate in a ‘joint account’. To agree/sign at their leisure.
For this scenario, we would need flexible threshold options. A 3(t) of 4(n) scheme being the first requirement.
However, due to the multiple thresholds built into the protocol(namely, the 2f + 1 threshold : verify_threshold?) a simple 3 of 4 will not work. ECDSA Whitepaper Page 13, Page 35, Section 7.5-7.8, A.3.2
In the repo, it seems the 2f+1 threshold occurs due to the multiply step UnmaskedTimesMasked
Is there a simple and safe way to avoid the additional support_threshold scheme for a simple offline signature threshold scheme?
Thank you for the work on this project and any insights you might have.
This scenario is one that can take place entirely offline
Hi @steven_intu I am not sure something like this would be possible using the current protocol, which is inherently interactive. Moreover, you cannot compute ECDSA sigs only with linear operations. So if you use a linear sharing schemes like in this protocol, some amount of interaction and preprocessing will always be needed.
A 3(t) of 4(n) scheme being the first requirement.
As stated in the paper, the scheme only supports f<n/3 byzantine corruptions. Maybe you can have a look at this thread for a similar discussions. The reason the IC integrated this protocol is that it relies on the same assumptions already made by the IC protocol, while giving strong guarantees in terms of security and availability. It seems that your assumptions and setup may be quite different, and that you would be willing to relax some of these requirements. There are many threshold ECDSA protocols in the dishonest majority settings where you could get higher thresholds. Maybe these would be a better fit for your use case. A starting point could be the related work section of the paper.