What is Signature Aggregation or Signature Aggregation?

Signature Aggregation or Signature Aggregation, is a cryptographic technique that is used to join two or more digital signatures. A process that seeks the union of the same so that they represent a unique and valid digital signature for a document or digital information, which can be easily verifiable.

Une of the most anticipated crypto features in the world of Bitcoin is the known Signature Agregation or Signature Aggregation. This is a function that seeks to expand and improve the digital signature capabilities of this cryptocurrency. But what exactly is Signature Aggregation? Well, let's take a closer look at this technology.

Signature Aggregation, a new way of making digital signatures

When we talk about Signature Aggregation (SA or Signature Aggregation), we are referring to a new cryptographic technique or protocol that seeks to expand digital signature capabilities. More specifically, Signature Aggregation seeks to make these signatures can be grouped and compressed in a unique way, but can be verified at all times if necessary. In this way, the signatures that form an SA can be represented in a single digital signature, but said SA can be used to correctly validate the data assigned to each of the digital signatures within that same SA.

Sounds complex, right? It certainly is, but behind the complexity lies a very simple reasoning that we will quickly explain with this example:

Imagine for a moment that you have a digital document that has to receive three digital signatures. If the document receives the digital signatures of these people, anyone who can read its metadata can see whose signatures it is, and not only that, the document itself has increased in size in terms of storage we are talking about.

But what would happen if we apply a Signature Aggregation or Signature Aggregation? Well, in that case, the three people who sign the document do so in the normal way, but as the signatures are joined, the algorithm joins them to generate a single digital signature, which is then joined to the digital document. With this, firstly, we sign the document and it can be validated, secondly, no one will be able to know exactly who are the ones who signed the document, but it is still valid, and thirdly, now the document only has a digital signature , takes up much less storage space.

A technology to improve the security of our transactions

This is exactly what a Signature Aggregation does, and is perfect for use in technology blockchain, especially in multi-signature transactions or other multi-signature operations since it allows us to save storage space in the blocks, thus improving scalability, and at the same time, improving the privacy of the network by protecting our digital signatures in a publicly auditable environment such as a blockchain.

With this we can clearly see why there is so much interest in implementing such technology in Bitcoin and other cryptocurrencies, , something that is closer than it seems.

Signature aggregation and Schnorr signatures

In another Bit2Me Academy article we have talked about the Schnorr firms and the great interest in implementing them in Bitcoin. Well, part of that interest is directly related to Signature Aggregation (SA). The reason? Schnorr signatures were designed from the ground up to support these types of features. This makes them ideal for this type of cryptographic techniques.

In fact, Schnorr signatures would allow Bitcoin Signature Aggregation to be taken much further, allowing individual transactions with multiple inputs, and therefore with different signatures for each input, to be represented by a single digital signature of this type. This feature is known as Cross-input Aggregation, and it can help save up to 30% of space on Bitcoin blocks. A situation that would allow an increase in space to introduce more transactions in each block, improving the scalability of the network. Not to mention the privacy achieved by this system, since it is impossible to trace individual signatures from this single signature, making it impossible to track signatures with their corresponding entries within each transaction. Although, this Cross-input Aggregation scheme we may not see it in bitcoin ever, due to what it explains Gregory Maxwell in a extensive thread on Bitcointalk.

However, in Bitcoin most developers agree that Signature Aggregation is vital, and this would go hand in hand with technologies such as Schnorr signatures and tap root, where he could exploit his abilities to the fullest. And it is that we remember that, the objective of Taproot is to enable better and more complex scripts within Bitcoin. Scripts that of course are accompanied by digital signatures, and that could be replaced by a Signature Aggregation without major problems.

Advantages and Disadvantages of Signature Aggregation

Advantages

Now, let's examine a little what are the advantages and disadvantages that are presented with this new system of digital signatures. In the case of its advantages we can mention:

1. Greatly reduces the size of the digital signature section for multi-signature transactions. This allows space to be saved within the blocks so that other transactions can be placed within it, thus improving the scalability of the network.
2. Signature verification is done faster and more efficiently. This is because only one signature must be verified instead of several signatures at the same time. This reduces the need for horsepower for this task.
3. Third, anonymity is optimized to a certain extent. This is because the aggregate signature is a composite of individual signatures belonging to individual users. However, it is impossible to know which of those signatures were the origin of the added signature.
4. Signature Aggregation is a fundamental pillar for technologies such as MAST, tap root, Grafroot., in addition to opening the doors to new improvements for second layer protocols, atomic swaps and other on-chain implementations.

Disadvantages

However, for disadvantages we can mention:

1. It is quite a complex implementation to perform. In fact, the Bitcoin development team has been working on this implementation for close to two years and is still in development.
2. Careful implementation is needed to avoid certain attack vectors that would enable unauthorized spending of funds. This is possible if a false aggregate signature scheme is used in a type of attack known as Rogue attack. What this attack does is, in a way, "forge" a digital signature. This forces the other party to reveal information that could be used against them. With this information, the attacker can trivially calculate a valid digital signature for an aggregate signature scheme. That way, you can effectively steal money from an address that is not under your control. This is one of the reasons for the careful implementation of aggregate signatures in Bitcoin.
3. There is the possibility of using signature aggregation to cover all transactions within a block. However, this puts the security of Bitcoin and any cryptocurrency that implements such a feature at serious risk. This is because, if an attacker succeeds in carrying out a Rogue Attack, or discovers some other flaw in the implementation, they could easily steal the funds from that block or series of blocks.