What Are Threshold Signatures?

Threshold signatures are a type of digital signature that requires the agreement of multiple parties, rather than just one, on the message being signed. This makes them useful in a wide range of applications, from identity management to democratic decision-making.

Threshold signatures provide a secure and decentralized way of ensuring that multiple parties need to agree on a decision before it can be considered valid. These parties are often called "signers" and they each hold a share of a private key, which is necessary to generate the threshold signature.

Why Are Threshold Signatures Important?


Threshold signatures can be used in decentralized systems where no single party has complete control. This is important for blockchain-based applications where the goal is to create a trustless and decentralized system. In traditional single-party signature schemes (a way to ensure the authenticity and integrity of a digital message or document), the private key is held by a single entity, making it a single point of failure. If the key is compromised, an attacker can perform fraudulent activities and access sensitive data.

Fault tolerance

With threshold signatures, a system can still function even if some parties are unavailable or compromised. This provides greater fault tolerance and ensures that the system can continue to operate even in the event of an attack or failure.

Without threshold signatures, it may not be possible to create certain types of decentralized systems, such as those that require multi-party approval or voting systems. This can limit the potential use cases for a given system.

Threshold Signatures Use Case Examples

Distributed Identity Management Systems

In traditional identity management systems, a single authority is responsible for issuing credentials. Threshold signatures can be used in distributed identity management systems to allow multiple issuers to jointly issue “claims” about an identity (credentials).

Product Approvals

In industries such as pharmaceuticals, chemicals, or equipment manufacturing, product approvals by regulatory bodies are crucial. These approvals signify that the product has been tested and meets certain safety and quality standards. Threshold signatures can be used in this context to ensure that a threshold number of regulatory bodies or inspectors have approved the product before it can be released to the market. This provides greater trust to consumers who rely on these approvals to make informed decisions about the products they use.

Health and Safety Inspections

In industries such as manufacturing, construction, or transportation, health and safety inspections are critical to ensure that workplaces are safe and comply with regulations. Threshold signatures could be used to ensure that a threshold number of inspectors need to sign off on the inspection before it is considered valid. This would provide greater assurance that workplaces are safe and compliant while potentially reducing the risk of accidents or injuries.

Petition Systems

Petition systems are often used in democratic decision-making processes where a group of individuals need to collectively agree on a decision before it can be made. Threshold signatures can be used in petition systems to ensure that a threshold number of individuals need to sign off on the decision before it can be considered valid. This ensures that decisions are made with the consensus of a group, rather than the opinion of a single individual.

How Threshold Signatures Work

Threshold signatures work by dividing a private key into multiple parts, or "shares," and distributing those shares among different parties. To create a threshold signature, a threshold number of those parties must come together and combine their shares in a way that produces a valid signature.

For example, let's say a private key is divided into five shares, and the threshold is set at three. This means that any three out of the five parties can come together and combine their shares to create a valid signature. However, if only two parties try to create a signature, it would be invalid and rejected.

Decide Which Threshold Signature Implementation Is Best for You

At Dock, we have implemented two variations of threshold signatures (anonymous credentials) with each having different tradeoffs. The first one is based on a modified version of Coconut, which uses a different signature scheme called PS. The second is a threshold BBS+, threshold variant of BBS+, our existing signature scheme.

The benefit of "modified Coconut" is that the threshold signing process is very simple and efficient and it requires no communication among signers. The signers independently generate their signature "share" and send it to the user (holder of the credential) and the user aggregates the shares and generates the final signature which can be verified.

The downside is that a lot more code has to be written and multiple layers in our system need to be modified to support creating and verifying presentations created from credentials using PS signatures. Another downside is that the size of the signing keys should be proportional to the credential size. This is unlike BBS+.

The benefit of threshold BBS+ is that only the threshold issuance process has to be built but credential presentation and verification are same as our existing credential implementation. The disadvantage is that issuance requires the signers to communicate among themselves and is much more resource consuming than Coconut.

Based on the tradeoffs above, applications can choose different implementations.

  1. Rust implementation of threshold BBS+
  2. Rust implementation of Coconut