August 4, 2021

What is multi-signature? What is a ring signature?

1

What is multi-signature?

Multisignature (English - multisignature or multisig) - a technology for signing transactions with several private keys to increase the level of security and confidentiality in the approval process of sending transactions.

Multisignature is a kind of threshold signature implemented as a check of conditions specified in the cryptocurrency base scripting language.

2

How and when did multi-signature technology come about?

Although multi-signature technology has become widespread in the world of cryptocurrencies, its fundamental principles existed long before the creation of bitcoin.

For centuries, the principle of multi-signatureused to protect the safety of monastery crypts or crypts in which the remains of saints were stored. The abbot of the monastery distributed to the monks parts of keys from the tombs. Not a single monk could access the sacred remains alone and abduct them.

Multi-signature technology was first implemented in bitcoin addresses in 2012. The first multi-signature wallet was created in 2013. Currently there are more than a dozen.

3

How does multi-signature technology work?

Access to funds stored on a multisig wallet is possible only when two or more signatures are provided simultaneously.

A simple analogy is a bank cell orsafe with two locks and two keys. Mary holds one key, and Juan holds the other. They can open the cell only if both keys are presented at the same time. Separately, they cannot open a cell without the approval of another.

Thus, multisig wallets provideadditional level of security. Using this technology, users can avoid the problems that often arise in the case of wallets with one private key, which have a single point of failure and are vulnerable to cybercriminals who are constantly developing new phishing techniques.

Since to move funds wallets withThe multi-signature function requires more than one signature; they are also suitable for businesses and corporations wishing to store funds in shared wallets.

4

What varieties of multisignatures exist?

1-of-2: combined account of two business partners - signatures of either side are enough to spend money.

2-of-2: combined savings account of two business partners - both signatures are required for spending funds, which prevents one of the account owners from spending funds without the approval of the other.

2-of-2: wallet with two-factor authentication: one is stored on a computer, the other on a smartphone. Funds cannot be spent without the signature of both devices.

3-of-5: low trust donation address - each of the five trusted project participants holds a private key. Three people can spend money, but anyone can transfer donations to the project address. Such a scheme reduces the risk of waste, hacking, virus infection and loss of funds due to the fact that one participant loses interest in the project. The blockchain displays which private key was used in the final signature, which improves the accounting ability.

2-of-3: buyer-seller with a non-trusted conditional account (escrow) - the buyer transfers money to the 2-of-3 address, the seller acts as the third arbitrator.

If the transaction is successful, the buyer and seller both sign the transaction, returning the funds to the seller. If a failure occurs, they may sign a transaction to return the funds to the buyer.

If they cannot agree, both turn toa third party that acts as an arbitrator and provides a second signature to the party that it considers to be worthy. The arbiter cannot steal funds because he has only one key.

2-of-3: a board of three managers holds the funds of a company or organization - these funds cannot be spent without the consent of any two of the three managers. For large organizations, larger multi-subscription transactions are possible - 3-out-5, 5-out-9, etc.

2-of-3: a hot storage wallet for businesses. Bitcoin exchange stores one private key online, another private key - as a paper reserve. A separate cybersecurity company stores the third key online and signs transactions only after checking a number of factors (absence / presence in black and white lists, not exceeding the limit of the number of conclusions for a certain period, two-factor authentication, compliance with regulatory standards, etc.). If a hot wallet of an exchange or company is cracked, it is impossible to steal bitcoins. If a cyber protection company stops working, the exchange can gain access to funds through a paper reserve.

2-of-3: decentralized cold storage cell - one of the keys is stored by the user in the safe at home, the second is stored in the bank cell, and a copy of the third key is stored by the user's close friend and his relative in his office. The home cell is protected from burglars, since spending money requires a visit to a friend, to a bank, or to an office.

2-of-2: smart contracts - TumbleBit, Coinswap, Lightning Network.

1 or 3 out of 4: distributed reserve - the primary user can use the wallet at will, but if this owner loses his private keys, then they can be restored using three of four other trusted friends / organizations. One key is stored in a bank cell, the other three are stored with friends. In the event of the death of the owner, the box with the funds, according to his will, can be transferred to one of the trusted friends or to someone who can take the help of trusted friends.

5

What are ring signatures?

A ring signature is a type of cryptographic digital signature that can be put by any member of a user group, each of which has a key.

One of the digital signature security optionsconsists in the fact that it is impossible to establish by computing means which key of which member of the group was used to sign. Ring signatures are similar to group signatures, but differ in two aspects: it is impossible to deanonymize an individual signature, and members of any user group can become signatories without additional configuration.

The name “ring signature” comes from the ring-like structure of the signature generation algorithm.

6

Who invented ring signatures and when?

Ring signatures were invented by cryptographers Ron Rivest, Adi Shamir and Yael Tauman Kalai and presented this technology at the ASIACRYPT international conference in 2001.

The original concept was thatring signatures will function as a means of protection against leakage of classified information - in particular, from government offices. Subsequently, the original model was optimized.

In 2006, Eiichiro Fujisaki and Kotaro Suzukiproposed a solution called Traceable Ring Signatures to fix the vulnerability of ring signature technology (the risk of manipulation by malicious or irresponsible signers). An optimized version of this kind of ring signature is currently used in CryptoNote coins and ensures the sender is not traced in a P2P transaction, hiding the source of entries in the transaction.

In 2015, Monero Research Labs nominatedThe concept of ring confidential transactions (Ring Confidential Transactions), which was introduced and implemented by the developer of Bitcoin Core Gregory Maxwell. Extending the anonymization capabilities inherent in the original ring signature, ring confidential transactions hide not only the identity of the sender, but also the amount of transactions between the sender and the recipient.

7

How do ring signatures work?

Ring signatures bring group technologySignatures to a new level, providing the user with an increased level of privacy. In a P2P cryptocurrency cryptocurrency transaction format - for example, CryptoNote - ring signatures protect the sender by hiding the receiving side of the transaction in such a way that it is impossible to determine by computation who the signer of the transaction is.

Ring signatures are a more sophisticated scheme than typical digital signatures such as ECDSA or Schnorr signatures.

Ring signatures may require multiplevarious public keys for verification. A “ring” signature is called because it consists of a series of partial digital signatures from different users. Together, these signatures form a unique signature. A group of signatures is known as a ring and can be arbitrarily selected from outputs from other users on the blockchain.

Conceptually, ring signatures are similara scheme in which several parties sign a check from a joint bank account, however, by means of cryptography, the signatory is hidden from the group members.

Ring signature structure (for example, Monero cryptocurrency):

  • Alice wants to send 10 Monero tokens to Bob, and initiates the transaction through her Monero wallet.
  • The digital signature for this transaction is a one-time key that starts with the output spent from her wallet.
  • Ring signature non-signers are past transactional outputs that are arbitrarily selected from the blockchain and act as “tricks” in the transaction.
  • All members of the chain are possible signatories of the transaction - a third party cannot, by computational means, establish a real signatory.
  • All ring signature outputs together form the transaction input.
  • The creator of the transaction, Alice, has a demonstrable right to spend the transaction amount in such a way that her identity cannot be distinguished from the identities of other participants in the ring.
  • Although Alice’s public key is used in her own transaction, it can optionally be used in other transactions on the Monero network as a masking factor.

Automatic creation of unique one-time keys helps prevent transaction connectivity and is possible due to the optimization of key exchange using the Diffie – Hellman method.

8

What is a key image?

Confidential currencies like Monero,faced with the problem of double spending. The lack of a solution makes these networks useless as a digital currency, so a solution was found in the form of using key images in combination with a ring signature scheme.

The key image is cryptographicthe key obtained from the spent output is part of each ring signature transaction. There is only one unique key image for each exit on the blockchain. A list of all used key images is stored on the blockchain.

Due to the cryptographic features of the keyimages, it is impossible to correlate the output on the blockchain and its key image. Any new ring signatures using a duplicate key image are automatically rejected as an attempt at double spending.

9

What are Ring Confidential Transactions (Ring CTs)?

Ring CTs - An Advanced Technology Modificationring signatures. If the main purpose of ring signatures is to ensure the confidentiality of the sender of the transaction, then ring confidential transactions were designed primarily to increase confidentiality for the sender and recipient, hiding the amount of the transaction.

The original ring signature format exits“Split” into separate rings, since ring signatures could contain only equivalent outputs. Because of this, third parties could see the true transaction amounts. Thanks to the use of Ring CTs, transactions are not stored in a transparent blockchain, such as the Bitcoin blockchain, but in a “cloudy” one.

Transactions that use Ring CTs are alreadyno need to split into parts and include in the rings of equivalent outputs - a wallet in a cryptocurrency that uses Ring CTs can arbitrarily select ring members from the output of any amount.

Ring CTs also use a commitment scheme,realized by proving the range, which confirms that the amount used in the transaction is greater than 0 and less than the nth number; however, transaction amounts are not disclosed. Thus, external observers are not able to see the transaction, but thanks to cryptographic verification, they can be sure that the transaction is valid.