Overview Industry Company Background The Challenge The Solution Results/Achievements

Overview

Distributed registry technologies introduce new nuances into the rules of interaction between networks and their participants. Consensus algorithms help to solve a huge number of practical problems, many of which have not yet been studied. One of the most important elements of the modern blockchain protocol is the optimized interaction of decentralized nodes allowing them to reach consensus. Non-interactive protocols reduce interaction between decentralized participants many times, provide an opportunity to speed up the consensus procedure and, consequently, the blockchain.

Industry

One of the main tasks being solved by the blockchain is increasing trust between the network participants with the help of the consensus algorithm.

Blockchain is a distributed registry able to run business logic on the network.

Modern non-interactive protocols that perform consensus tasks more efficiently are used for optimization.

Company

Opporty is a research project that brings innovations to the B2B field, streamlines transactions, and increases trust between business partners.

Currently, Opporty consists of:

Cybersecurity and cryptology specialists.

DAPP interface designers and performers.

DevOps specialists organizing and setting up the infrastructure of blockchain projects.

Microservice architecture developers.

Background



In 1976, Whitfield Diffie and Martin Hellman first described the concept of a digital signature scheme, although they only assumed that such schemes exist. A bit later, Ron Rivest, Adi Shamir, and Leonard Adleman invented the RSA algorithm that can be used to create primitive digital signatures. This was done only to confirm the concept since “simple” RSA signatures are not safe. Lotus Notes 1.0 was released in 1989 and used the RSA algorithm. It was the first widely sold software package providing a digital signature.

The application area of digital signatures has been constantly expanding.

Information authentication is the first most important way to use threshold signatures.

Our company has been creating blockchain solutions for enterprises of various sizes and specializations. Looking back at the extensive experience of cooperation with different clients, we can assure that it is very important for all business people to know that their data is secure and cannot be accessed by unscrupulous third parties. That is why we think that it is important to utilize digital signatures.

A digital signature can serve as an alternative to the usual one. It is applied when concluding various transactions and authenticating electronic documents. Such signature allows to avoid using a large number of papers, optimizes costs, and saves the time of participants in the transaction.

Both legal entities and individuals can use digital signatures. The former get the opportunity to submit tax reports via the Internet, participate in electronic trading, and enjoy simplified workflow. Individuals can access public services portals, submit online applications to universities, launch sole proprietorship or register companies. An electronic signature is also used for services confirmation via SMS (for example, for receiving banking services).

In addition to authentication, there is another important way to ensure the integrity of information by using digital signatures. Very often, the sender and recipient of a message want to make sure that the message was not changed during transmission. Even though encryption hides the contents of the message, it may be possible to change the encrypted message without reading it. Some encryption algorithms, known as immutable algorithms, prevent this. But others are devoid of this useful property.

However, if the message is digitally signed, any changes made to it after signing invalidate the signature. In addition, there is no effective way to change the message and its signature and create a new message with a valid signature because such operations are still perceived as computationally impossible by most cryptographic hash functions.

Non-repudiation is an important feature of digital signatures. Thanks to it, a party that has signed some information cannot subsequently deny that they have signed it. Similarly, access only to a public key does not allow a fraudulent party to forge a valid signature.

Therefore, signatures provide:

Authentication

Integrity

Non-repudiation

As a rule, digital signatures are based on an open (asymmetric) key.

To create a digital signature:

A signer creates a one-way data hash that should be signed. Then a secret key is used to encrypt the hash. The encrypted hash along with metadata constitutes a digital signature.

To confirm the digital signature:

A verifier creates a one-way digest / data hash for the signature. The secret key, along with the signature hash and the new hash, is used to verify the signature. If the check is successful, this means that the data is unchanged. Otherwise, there are two scenarios:

The message does not correspond to the signature.

The public key does not correspond to the private key used to create the signature.

Threshold signatures were created in the process of the development of new applications for digital signatures. A threshold signature is a special way to generate multiple signatures. A certain minimum number of group participants should create a shared, valid signature. For this, each of them should contribute the part of this signature.

For example, the system requires at least 5 out of 21 team members to contribute their parts in order to make a shared signature valid. If only 4 team members work together to sign a message, the resulting signature would be completely invalid. If 5 or more team members work together, the resulting signature would be valid (provided that the message has not been changed).

This model was applied in many cryptographic protocols, especially in the distributed DLT registry technologies.

You can use it for escrow transactions that allow resolving disputes with the help of multisig signatures.

The escrow procedure helps to resolve various contentious situations by using a distributed registry.

In this way, a signature can be restored or collected asynchronously and independently for each protocol participant. This brings an extra speed boost to the consensus algorithm.

It is also possible to fully divide and distribute the shares of signatures in a non-interactive process where users do not need to interact much with each other. All this may be done without the help of an independent dealer or a central authority.

The Challenge

The Opporty’s distributed registry and blockchain need a fully asynchronous and parallel signature aggregation process for consensus and consistency.

The ability to check a signature in one place is needed to ensure security. At the same time, all signature shares must be created without a single center.

The signature method should be:

the most reliable with small key size;

fast;

optimized;

able to maintain signature aggregation.

The main requirement is to make the protocol non-interactive and create multi-signatures and threshold signatures in one round.

Also, the algorithm must be deterministic and not dependent on a random number sensor because it is to be used in a distributed system.

The Solution

ECDSA (Elliptic Curve Digital Signature Algorithm) performs the role of a digital signature perfectly well. However, it is impossible to combine keys or signatures themselves. Each signature must be verified independently. With multisig transactions, this becomes particularly laborious. It is necessary to check all the signatures and the corresponding public keys one by one, spend much space in the block and pay a high fee.

Schnorr signatures allow aggregation. You can combine all signatures and public keys belonging to a certain transaction into one key and one signature, and no one would know that they correspond to several keys. Also, blocks can be checked faster – you can check all the signatures simultaneously. However, the multisig scheme requires several interaction rounds. It is necessary to rely on a random number generator when aggregating signatures — you cannot select a random R point deterministically, as in ECDSA.

To solve this problem, Opporty uses BLS signatures since they enable the creation of new secret exchange schemes.

Signature aggregation

With BLS, you can combine all types of primitives (secret keys, public keys, signatures), and as a result, you would always obtain another valid primitive. For example, if two secret keys are aggregated, a new valid secret key would be obtained. If two corresponding public keys of private keys are aggregated, a new public key that corresponds to the previously aggregated public key of the private key would be obtained. If two signatures that were created with two previously aggregated secret keys and the same message hash are aggregated, a new signature would also be checked for consistency with the aggregated public key. Primitives that have already been aggregated can also be aggregated additionally, regardless of the aggregation order.

For any given set: secret key – public key – signature, for any operation performed with one of the primitives, you can repeat the same operation with other primitives and get a new pair of primitives still correlating with each other. This scheme is applied if operations become nested and more complex. This allows to get advanced functionality, which is impossible with ECDSA. For example, polynomial estimation and interpolation can be used with any BLS primitive, including a signature.

Uniqueness and determinism

BLS signatures are unique and deterministic. This means that there can be only one valid signature for any pair public key – message. You cannot have two different signatures that validate the same public key and message. This scheme is different from ECDSA where randomness within a signature results in a large number of possible signatures for the same public key and message.

Several positive effects can manifest themselves when it comes to hashing other messages that contain a BLS signature. Such a message (for example, a transaction) will always lead to the same hash. It is impossible to change the signature so that the message remains valid. But the resulting hash is different.

This is of great importance if BLS is used in a distributed registry.

Shamir’s Secret Sharing

The above-mentioned properties of BLS make it possible to implement Shamir’s Secret Sharing (SSS) and Distributed Key Generation (DKG).

Shamir’s Secret Sharing is a threshold scheme that has been known for quite some time and proved its safety. It allows to take a secret and divide it into many parts. A node does not process any information about the original secret and, therefore, is useless. Only if enough parts (m-of-n) are collected, the original secret can be recovered. If someone knows only the m-1 part, they know nothing, just like a person who has no secret parts at all.

This cannot be implemented with the help of EDCSA. Always having the part of a key, you can get a secret key itself.

The difference with BLS boils down to the fact that resulting shared secret keys are also valid secret keys that can be used to sign a message and, therefore, to create a valid signature. However, these are shared signatures being checked only based on the public key of a shared key. Therefore, they are useless.

Polynomial interpolation of keys or the Lagrange method is used to implement threshold signatures. There is a set of points. A polynomial is being built. If a certain N number of these points exists and is given, you can restore the original polynomial and, therefore, a key or a signature itself.

Shamir’s Secret Sharing makes the dynamic Distributed Key Generation possible. This scheme is non-interactive, that is, nod sets do not interact with each other. Therefore, Opporty blockchain’s throughput increases greatly.

Block verification using BLS signatures in Ethereum

Thanks to threshold signatures, it is possible to conduct a very easy check at the EVM Ethereum level to verify signatures and a block.

The keys in the BLS algorithm can be very small. This property can be used to increase the throughput of Plasma and the pBFT algorithm.

One of the important concepts in the Opporty Plasma consensus algorithm is that a single pBFT round within a small consensus group can be completed in just a few seconds. As a result, instead of using digital signatures on high-security levels (128-bit), nodes can sign PREPARE and COMMIT messages with short private keys at low or medium security levels (short 56- or 80-bit keys). This is done sequentially for several cycles before updating the keys.

The benefits of BLS

Key pairs in pBFT provide the following benefits:

The signature size is smaller, which reduces communication overhead.

Signature verification is faster, which reduces computational overhead.

The lifetime of a short-lived key pair should be maintained when using short key pairs, depending on the complexity of hacking underlying cryptosystems using modern cryptanalysis methods and the corresponding security boundaries.

BLS signature functionality applicable to Plasma

A quick check at the level of EVM machines in Ethereum and a root chain.

Small signatures.

Threshold signatures that cannot be implemented with elliptic curves.

Distributed key generation where each party has its own part of the shared key. This is a non-interactive and very reliable DKG protocol that greatly enhances the blockchain’s scalability.

Results/Achievements

Opporty has implemented a library and introduced threshold signatures as well as an efficient distributed key generation algorithm into its protocol.

This provides many advantages:

High decentralization — there is no need to use a centralized server for key distribution.

Efficient consensus algorithm in DLT — BLS signatures are used in a non-interactive form with minimal collaboration with each other.

Security — the ability to verify a single combined signature in one place at the level of smart contracts.

High verification speed and small key size — BLS have been originally created to reduce the key size while preserving the same security level, so the block signature algorithm is very fast and optimized.

By using signature aggregation and multi-signatures, we have implemented a decentralized ESCROW at the protocol level, which makes it possible to resolve various disputes arising between the protocol participants in Opporty’s PoE.

It also ensures the most accurate and transparent companies’ assessment.