深度 |《Wisdom Chain文档知识库》之多重签名
English
What is aggregate signature
Aggregate signature is a kind of signature aggregation of key generated by each party using Schnorr Signature (a digital signature scheme, known for its simplicity and efficiency, and its security is based on the intractability of some discrete logarithm problems. Next, we will talk about Schnorr Signature). It can merge the public key and signature of each participant in a multi signature transaction into one public key and signature It is invisible, and the information before merging cannot be deduced from the public key and signature after merging, and only one verification is needed during verification. At present, Mimblewimble has used Schnorr signature algorithm to implement signature aggregation.
In the case of multi signature with ECDSA, if there are N private keys signed, the N signatures need to be verified respectively. Because of the linear characteristic of Schnorr Signature Algorithm, in the same case, the signatures of N private keys can be "aggregated" into one signature. The principle is as follows:
Because the points on the elliptic curve can satisfy the multiplicative combination law, for the two points X, Y and corresponding scalar (private key) x, y and the origin G on the elliptic curve,then:
For ECDSA signature algorithm, n modulus and 2 * n dot multiplication operations are needed to verify n signatures. For Schnorr Signature, we can add the verification equation:
At this time, we need to do 2n addition operation and n+1 point multiplication operation to verify the multi signatures generated by the Schnorr signature algorithm. Because the resource consumption of addition operation is very low, the resource consumption of the two multi sign verification methods can be approximately compared as follows: ECDSA is one time modulus plus two dot multiplication, Schnorr is the resource consumption of one point multiplication. The obvious conclusion is that the Schnorr Signature Algorithm consumes less resources.
For the above multi signature cases, using Schnorr Signature Algorithm to aggregate signature can provide the following additional benefits:
Performance: it can greatly reduce the cost of verifying signatures. The advantage of Schonrr signature algorithm is obviously. For a multi signer transaction, it needs to be verified many times, and aggregated signature needs to be verified only once, thus enhancing the speed of node verification.
Transaction volume: by aggregating multiple signatures into one signature, the size of multi signature can be greatly reduced, and the bandwidth consumption for network transmission and the occupation of storage space of nodes can be significantly reduced.
Privacy: using Schnorr aggregate signature can improve the privacy of data on the chain. For the verifier, the aggregate signature does not seem to be different from the ordinary Schnorr Signature. It is impossible to distinguish whether the transaction is an ordinary transaction or a multi signature transaction, and the public key and signature of the users participating in the transaction will not be exposed.
When creating a multi signature scheme based on Schnorr aggregate signature, in order to ensure that the multi signature signature looks like a single key signature, make the traditional verification method effective, and ensure that the whole process only needs linear sub signature aggregation, the scheme needs to meet the following characteristics:
It is proved to be secure in the common public key model
The Schnorr equation is satisfied, so the signature can be written as a function of public key combination
-
Allow interactive aggregate signature (IAS)
-
Allow non interactive aggregate signatures (NAS), where aggregation can be done by anyone
-
Allow each signer to sign the same message
-
Allow each signer to sign his or her own message.
At present, there are many implementations of aggregate signature scheme based on Schnorr, and the final scheme given by Blockstream is MuSig. The differences of implementation modes and the specific principle of MuSig can be referred to [8] [9].
Use of aggregate signature
In the privacy protection of wisdomchain's latest white paper, we see the use of aggregate signatures.
Through aggregate signature, atomic exchange can be realized safely and simply. The essence of aggregate signature is a signature offset. Once combined with the real signature, the private key used in the signature can be calculated. The credibility of aggregate signature can be verified without exposing any information at the same time. Aggregate signature can ensure the atomicity of atomic exchange and the security of both parties.
Suppose that the concise process of atomic exchange between A and B through aggregate signature is as follows:
-
A and B store the cryptocurrency in two respective signed addresses.
-
The private key used by A will be one-time, because she needs to send the private key to B.
-
A provides B with an aggregate signature, which needs to be confirmed by B.
-
When A broadcasts her signature to prove her encrypted currency, B can get enough information to calculate A's private key and get her encrypted currency.
-
B signs a transaction and sends cryptocurrency to A.
-
A uses the other half of the private key to sign and broadcast the transaction receiving cryptocurrency.
-
B gets all the private keys and receives the cryptocurrency held by A. at the same time, A also gets the currency of B.
简体中文
以上是多重签名规则的定义
-
到期日;
-
债券的)票面利率;
-
本金或者面值;
-
定期的付息。
-
企业不能隐藏现金,因为这有悖于原本的融资目的;
-
在债券有担保且无法履行义务的时候,那么几乎就会造成变卖资产或者行使担保权的结果。因此,这时就不可避免地会有中央集权型力量的介入;
-
合约还必须要调用支付。由于支付行为是通过中央集权型主体——银行来操作的,因此目前智能合约的“智能”程度具有一定的局限性。
-
中心化合同能自动地向债权人的账户进行汇款和支付;
-
中心化的证券交易,以允许债权人之间进行债券交易;
-
根据对债券代币多重签名的应用,来进行交易平台各当事人之间的债券处理和结算确认。
关注Wisdom Chain动态
-
Twitter:@Wisdom_Chain -
微博:WisdomChain -
知乎:智慧链技术社区 -
Facebook:WisdomChain -
Telegram:@WisdomPublicChain
相关资源
https://github.com/WisedomChainGroup
-
WIsdom Chain公链文档知识库: -
Wisdom Chain官网: -
Wisdom Chain技术论坛: -
Wisdom Chain开源代码库: -
Wisdom Chain区块浏览器:
- 免责声明
- 世链财经作为开放的信息发布平台,所有资讯仅代表作者个人观点,与世链财经无关。如文章、图片、音频或视频出现侵权、违规及其他不当言论,请提供相关材料,发送到:2785592653@qq.com。
- 风险提示:本站所提供的资讯不代表任何投资暗示。投资有风险,入市须谨慎。
- 世链粉丝群:提供最新热点新闻,空投糖果、红包等福利,微信:juu3644。