Meet Threshold Signature or Threshold Signature, an advanced cryptographic signature scheme that allows you to use a divided signature scheme that allows you to achieve higher levels of security than with traditional signature schemes.

Cknown as Threshold Signature Scheme (TSS), Threshold Signature SchemesThe simplemente Signatures with threshold, we are referring to a cryptographic digital signature schemes where a number of users can establish a group of signers, and where only some of the members of that group of signers can sign on behalf of the entire group. A striking system that seeks to improve the privacy and security of the digital signature system in a public use environment.

These signature schemes are based on cryptographic primitives that have the potential to generate distributed keys and their corresponding signatures. In general, if you have a threshold signature scheme, there are a number of participants called active signers. These active signatories are those that can carry out the signatures within the group. But this group of active signatories follows from a total number of participants who receive the name of universe of signers. Thus we have that any number of participants in the universe of signatories, can form a group of active signatories, which can sign in full representation of the group.

Basically this whole process can be done without revealing which of the group's signatories have signed. So threshold signature schemes are widely used to improve security and privacy features on various networks. For example within blockchains networks, where these schemes can provide multiple advantages and benefits.

Origin of this system

Digital signature systems peaked with algorithm creation RSA; an algorithm created in 1977 by cryptographers Ron Rivest, Adi Shamir and Leonard Adleman of the Massachusetts Institute of Technology (MIT). Its creation is a huge advance in computer security and is considered today a de facto standard in computer security.

However, for the year 1994, and with advances in computing and information technology, the cryptographers Alfredo De Santis, Yvo Desmedt, Yair Frankel and Moti Yung, once again revolutionized encryption systems and digital signatures by presenting the first system of Signatures with threshold complete, using RSA as a basis. Although at the time, these systems were only dedicated to use in the military and high-security profile, staying away from everyday civil and computer use.

But in October 2012, after a series of events that compromised encrypted passwords for public websites, RSA Security announced that it would launch software to make the technology available to the general public.

After these events and their coming to light, many crypto specialists began to research and develop threshold signature systems. The work spawned an explosive ecosystem of projects investigating new ways to achieve fast and secure schemes. But where he had the greatest interest was in the application of technology blockchain, which by then was beginning to gain relevance in the world.

Finally, in March 2019, the National Institute of Standards and Technology (NIST) held a workshop on threshold cryptography to establish consensus on applications and define specifications. In November, NIST published a draft of a roadmap "toward standardization of threshold schemes for crypto primitives" as NISTIR 8214A. This marked the real start of this technology as standard.

How do threshold signatures work?

In Threshold Signature schemes, the private keys they are generated directly and distributed among all users participating in the scheme.

Private keys are never fully stored anywhere, nor are they created and then distributed among participating members. Rather, each member will have possession of a unique portion of the private key, called secret share, which is generated in a unique and direct way for that user, without the other parties linked to the scheme knowing this information.

Therefore, to make a signature in the threshold signature schemes, it is necessary that the related parties agree to carry out said signature. If it is agreed that a certain number of participants will perform the signature on behalf of the group, a smaller portion of participants will not be able to generate the signature.

Phases for creating a threshold signature

Assuming that we use secure multi-part computation to make a digital signature in a general sense, we will proceed as follows:

  1. Key generation phase: all future participants will get involved together to do two things. First, each party involved generates a secret private key. Second, they generate a public key using your private key.
  2. Signing phase: Participants who join a certain firm use their own private keys as private entries. While using the information to be signed as a public entry to perform a joint signing operation to obtain a signature. In this process, the privacy of secure multi-party computing ensures the security of private keys. Accuracy and robustness guarantee that the signature is not lost and everyone can obtain signatures.
  3. Verification phase: the public key corresponding to the transaction is used to verify the signature. There is no “secret entry” during verification, this means that verification can be done without multi-party counting.

The signature protocol built on the idea of multiparty computing (MPC)  is the threshold signature. It should be noted that we have omitted some details, because secure multi-part computing is actually a collective name for a type of cryptographic protocol. For different security assumptions and threshold configurations, there are different construction methods.

Therefore, threshold signatures of different settings will also have distinctive properties, this article will not explain each setting, but the comparative result with other signature schemes will be presented in the next section.

Advantages of threshold signatures in blockchain systems and distributed networks

  • High tolerance to attacks and failures: Threshold Signature does not have a single point of failure. These schemes have an operating structure that guarantees a high level of security. Since to break the system and to be attacked, the security of many of the parties involved has to be compromised. Since each of the parties has a unique portion of the private key. Secondly, threshold firms can choose a number of signatories less than the number of members of the group. Therefore, by having a lower threshold for the group of participants, the exit of any of these involved parties will not affect the functionality of the scheme.
  • Flexible and highly private schemes: in threshold firms it is possible to integrate new members (participants) whenever desired. Since thanks to the implementation of the multiparty computing (MPC) It is possible to extend the existing private key to other members who join the group, without revealing or changing the private or public keys of the signature scheme. Maintaining the privacy of the data within the scheme at all times, without disclosing it to any of the parties.
  • Shared and distributed responsibility: In threshold signature schemes it is possible to share responsibility with various participating scheme members, breaking single points of failure and ensuring greater security. The private key is never stored in a single part. Instead it is created separately and then distributed into various parts that never meet. So in no time will you have the entire private key in one place.
  • Highly efficient and safe system: When a signature is generated by a threshold signature scheme, where multiple participants have generated the signature, it acts similarly to a single signature. So the nodes of the network can verify it easily and securely through the public key. In addition, it does not require the payment of additional fees to verify said signature. Likewise, the user or users that have generated the signature will not be exposed or visible within the network. The scheme can be used with cryptographic systems like RSA, ECDSA, EdDSA and Schnorr.

How much do you know, cryptonuta?

Are threshold signatures inherently more secure than other signature models?


One of the great advantages of threshold signatures is that they are generated by the signature of the different participants in the system, and because its multiparty security is increased compared to other systems. This ensures that threshold firms are inherently more secure than their counterparts.

Applications and use cases of threshold signatures

Blockchain and distributed networks

Thanks to the advantages offered by Threshold Signature schemes, they can be used in blockchains networks and distributed networks to raise your levels of security and privacy. For example, generating a public address through threshold signatures requires multiple parties to compute their portions of the private key or secret share to generate a public key together.

And as we already mentioned, neither party has a need to reveal the portion of the private key that they have. Then, once the public key has been generated, the public address can be generated as it happens in traditional systems.

The difference with threshold signatures is that there is no single point of failure regarding the private key. Since it is distributed among several members who participate within the signature scheme.


The purses de cryptocurrencies, Based on these signature schemes, they have a more complex structure and a higher level of security and privacy than traditional wallets or multisig wallets. First of all, contrary to the traditional wallets HDIn the Threshold wallets each participant has their own seed or phrase. This prevents the private keys associated with that wallet from being derived or retrieved from the seed it owns. Instead, all the seeds are needed to derive the final key.

Likewise, the transactions made through these wallets are much cheaper. This is because threshold signatures are reflected as a single signature. This makes it unnecessary to process the information of each of the signatories within the blockchain, as is the case with traditional or multisig wallets. Therefore, members do not need to pay additional commission rates for signature verification.

On the other hand, wallets with threshold signatures can operate on multiple blockchains at the same time. This reduces the risk of errors when operating with smart contracts and dApps.

Among the wallets that support this type of operation are Binance (compatible for Bitcoin, Ethereum and Binance Chain), using a development library and through advanced intervention. The wallet also offers support Friends  y zengo. And it can be manually implemented in other wallets using Threshold Signature Scheme Toolkit (TSSKit)

Key management

In key management and administration systems, threshold signature schemes can achieve much more flexible management. And it is that it can be adapted to the particular needs of the participating members. For example, with these schemes you can design authorization models that are in accordance with the priorities of the users.