深度|《WisdomChain文档知识库》之多重签名

English

Aggregate Signature of Wisdom Chain Document Knowledge Base

This article comes from the official Twitter of Wisdom Chain

URL：

https://twitter.com/Wisdom_Chain/status/1297831751809720322?s=20

What is aggregate signature

Aggregate signature is a kind of signature aggregation of key generated by each party using Schnorr Signature (a digital signature scheme, known for its simplicity and efficiency, and its security is based on the intractability of some discrete logarithm problems. Next, we will talk about Schnorr Signature). It can merge the public key and signature of each participant in a multi signature transaction into one public key and signature It is invisible, and the information before merging cannot be deduced from the public key and signature after merging, and only one verification is needed during verification. At present, Mimblewimble has used Schnorr signature algorithm to implement signature aggregation.

In the case of multi signature with ECDSA, if there are N private keys signed, the N signatures need to be verified respectively. Because of the linear characteristic of Schnorr Signature Algorithm, in the same case, the signatures of N private keys can be "aggregated" into one signature. The principle is as follows:

Because the points on the elliptic curve can satisfy the multiplicative combination law, for the two points X, Y and corresponding scalar (private key) x, y and the origin G on the elliptic curve,then:

For ECDSA signature algorithm, n modulus and 2 * n dot multiplication operations are needed to verify n signatures. For Schnorr Signature, we can add the verification equation:

At this time, we need to do 2n addition operation and n+1 point multiplication operation to verify the multi signatures generated by the Schnorr signature algorithm. Because the resource consumption of addition operation is very low, the resource consumption of the two multi sign verification methods can be approximately compared as follows: ECDSA is one time modulus plus two dot multiplication, Schnorr is the resource consumption of one point multiplication. The obvious conclusion is that the Schnorr Signature Algorithm consumes less resources.

For the above multi signature cases, using Schnorr Signature Algorithm to aggregate signature can provide the following additional benefits:

Performance: it can greatly reduce the cost of verifying signatures. The advantage of Schonrr signature algorithm is obviously. For a multi signer transaction, it needs to be verified many times, and aggregated signature needs to be verified only once, thus enhancing the speed of node verification.

Transaction volume: by aggregating multiple signatures into one signature, the size of multi signature can be greatly reduced, and the bandwidth consumption for network transmission and the occupation of storage space of nodes can be significantly reduced.

Privacy: using Schnorr aggregate signature can improve the privacy of data on the chain. For the verifier, the aggregate signature does not seem to be different from the ordinary Schnorr Signature. It is impossible to distinguish whether the transaction is an ordinary transaction or a multi signature transaction, and the public key and signature of the users participating in the transaction will not be exposed.

When creating a multi signature scheme based on Schnorr aggregate signature, in order to ensure that the multi signature signature looks like a single key signature, make the traditional verification method effective, and ensure that the whole process only needs linear sub signature aggregation, the scheme needs to meet the following characteristics:

It is proved to be secure in the common public key model

The Schnorr equation is satisfied, so the signature can be written as a function of public key combination

Allow interactive aggregate signature (IAS)

Allow non interactive aggregate signatures (NAS), where aggregation can be done by anyone

Allow each signer to sign the same message

Allow each signer to sign his or her own message.

At present, there are many implementations of aggregate signature scheme based on Schnorr, and the final scheme given by Blockstream is MuSig. The differences of implementation modes and the specific principle of MuSig can be referred to [8] [9].

Use of aggregate signature

In the privacy protection of wisdomchain's latest white paper, we see the use of aggregate signatures.

Through aggregate signature, atomic exchange can be realized safely and simply. The essence of aggregate signature is a signature offset. Once combined with the real signature, the private key used in the signature can be calculated. The credibility of aggregate signature can be verified without exposing any information at the same time. Aggregate signature can ensure the atomicity of atomic exchange and the security of both parties.

Suppose that the concise process of atomic exchange between A and B through aggregate signature is as follows:

A and B store the cryptocurrency in two respective signed addresses.

The private key used by A will be one-time, because she needs to send the private key to B.

A provides B with an aggregate signature, which needs to be confirmed by B.

When A broadcasts her signature to prove her encrypted currency, B can get enough information to calculate A's private key and get her encrypted currency.

B signs a transaction and sends cryptocurrency to A.

A uses the other half of the private key to sign and broadcast the transaction receiving cryptocurrency.

B gets all the private keys and receives the cryptocurrency held by A. at the same time, A also gets the currency of B.

简体中文

本文来自Wisdom Chain官方Twitter

URL：

https://twitter.com/Wisdom_Chain/status/1297831751809720322?s=20

多重签名，就是多个用户对同一个事务进行数字签名，可以简单地理解为一个数字资产的多个签名。比如说安妮和鲍勃是一对情侣，他们共同管理100个比特币，这样他们其中有一个想要动用这100个比特，那么必须需要两人同意才可以实现。

多重签名技术，主要是运用在安全方面，在最初的比特币中，拿到私钥就可以进行控制账户。这就意味着，不管是谁，只要获得私钥，就能支配该公钥名下的比特币。钱少无所谓，大额账户就必须得有一些保护措施。

对于一个安全、可靠的系统来讲，免疫单点故障是非常重要的。最早也有一些办法，就是把私钥分成很多份，分开保管，但是这种土方法存在问题，就是不方便也很不智能。

后来，2011年12月20日，比特币核心开发团队就把这个多重签名的功能加入到比特币的核心代码里面。2012年1月，首个多重签名类型的交易出现在区块链上。

最初将私钥最大数量限定为3个，后来其实已经可以扩展到最多支持15个私钥。生成比特币多重签名地址只需要两步，首先确定签名私钥的个数，其次，确定转账时需要几个私钥进行签名就可以了。

Wisdom Chain多重签名

Wisdom Chain的多重签名功能是一个独立的功能，它与其他区块链技术不同。在交易广播到区块链之前，不需要依靠中央集权型的应用进行签名编译。所有的过程都是在区块链上完成的，因此不用担心所有的应用或者账号能否在中央集权型的应用服务器上运作，就可以完成签名。在这个功能上不存在任何故障点，这也正是Wisdom Chain的独特之处，是非常强大的特征。

在Wisdom Chain上，支持的模式是MN，这意味着一个规则最多可以有M个签名，但是同时可以有N个签名时可以对其进行签名（请注意，N必须小于或等于M）。

以上是多重签名规则的定义

其他区块链技术通常是由第三方提供多重签名服务，但在Wisdom Chain上则是将其作为一个标准功能。这对于想要实现多重签名功能的自动化编程者而言，也意味着用户能够通过接口就可以实现多重签名功能。

另外，多重签名功能本身就可以作为实现其他事务或活动的触发器来使用。如;在线钱包、共同财产/合伙经营、监督管理/股份权重、数字遗产等，其中债券的发行和支付就是其中一个很好的例子。一般来说，在债券的发行和支付过程中都伴随着以下几个项目：

到期日；

债券的）票面利率；

本金或者面值；

定期的付息。

如果采用不经由第三者介入的去中心化的智能合约的话，那么为了确实履行合约则需要复杂深入的金钱交涉，去中心化所带来的问题反而更多了。智能合约可能因为以下几个缺点而无法执行：

企业不能隐藏现金，因为这有悖于原本的融资目的；

在债券有担保且无法履行义务的时候，那么几乎就会造成变卖资产或者行使担保权的结果。因此，这时就不可避免地会有中央集权型力量的介入；

合约还必须要调用支付。由于支付行为是通过中央集权型主体——银行来操作的，因此目前智能合约的“智能”程度具有一定的局限性。

对此，Wisdom Chain的应对方法则非常的简单：使用Wisdom Chain的资产定义用来代表债券和交易条款的债券代币。也就是说将其作为能进行时间戳和认证操作（即生成哈希值并记录于区块链上）的文件来处理；

中心化合同能自动地向债权人的账户进行汇款和支付；

中心化的证券交易，以允许债权人之间进行债券交易；

根据对债券代币多重签名的应用，来进行交易平台各当事人之间的债券处理和结算确认。

如上的权利行使过程非常顺利且简便，同时也遵循着现实世界的必要条件。智能合约（利息计算、支付、到期管理以及其他条件）本身在构筑管理系统方面所花费的巨大成本就是一种浪费。出于交易代币这一特定目的的交易平台则是必需的，而且它的构建一次就能完成，之后就可以全面地处理所有的债券和证券了。

值得一提的是，在Wisdom Chain中设定和发行债券代币需要花费的时间不到5分钟。

作者：Wisdom Chain 官方

翻译：Diaos

责任编辑：wozxd

关注Wisdom Chain动态

Twitter：@Wisdom_Chain

微博：WisdomChain

知乎：智慧链技术社区

Facebook：WisdomChain

Telegram：@WisdomPublicChain

相关资源

WIsdom Chain公链文档知识库：

https://docs.wisdchain.com/#/

Wisdom Chain官网：

https://wisdchain.io/

Wisdom Chain技术论坛：

http://tech.wisdchain.io/

Wisdom Chain开源代码库：

https://github.com/WisedomChainGroup

Wisdom Chain区块浏览器：

https://scan.wisdchain.com

—-

编译者/作者：WisdomChain中文社区

玩币族申明：玩币族作为开放的资讯翻译/分享平台，所提供的所有资讯仅代表作者个人观点，与玩币族平台立场无关，且不构成任何投资理财建议。文章版权归原作者所有。