Schnorr Signatures
Schnorr signatures are a type of digital signature scheme that is known for its simplicity, provable security, and linearity. They are a key building block of the SUBFROST protocol, and what makes FROST and ROAST signatures possible.
What is a Digital Signature?
A digital signature is a cryptographic mechanism used to verify the authenticity and integrity of a digital message or document. It is the digital equivalent of a handwritten signature or a stamped seal.
A digital signature scheme typically consists of three algorithms:
- Key Generation: An algorithm that generates a private key and a corresponding public key.
- Signing: An algorithm that produces a signature for a message, using the private key.
- Verification: An algorithm that verifies the signature for a message, using the public key.
Advantages of Schnorr Signatures
For many years, the dominant digital signature scheme used in Bitcoin and other cryptocurrencies was the Elliptic Curve Digital Signature Algorithm (ECDSA). However, Schnorr signatures have several advantages over ECDSA, which is why they were included in the Bitcoin Taproot upgrade and why they are used in SUBFROST.
Linearity
The most important advantage of Schnorr signatures is their linearity. This property allows multiple signatures from different signers to be aggregated into a single, valid signature. This is not possible with ECDSA.
This linearity is what makes threshold signature schemes like FROST possible. In a FROST signing ceremony, multiple participants can each create a partial signature, and these partial signatures can then be combined to create a single, valid Schnorr signature for the group.
Smaller Size
Schnorr signatures are also smaller than ECDSA signatures. A Schnorr signature is typically 64 bytes, while an ECDSA signature can be up to 72 bytes. This may not seem like a big difference, but it can have a significant impact on the transaction fees and the overall scalability of a blockchain.
Provable Security
Schnorr signatures are provably secure under standard cryptographic assumptions. This means that there is a mathematical proof that the signature scheme is secure, as long as the underlying mathematical problems (like the discrete logarithm problem) are hard to solve.
Conclusion
Schnorr signatures are a powerful cryptographic tool that provides a number of advantages over older signature schemes. Their linearity, smaller size, and provable security make them an ideal choice for use in cryptocurrencies, other decentralized systems, and SUBFROST.
Schnorr Signatures in SUBFROST
SUBFROST uses Schnorr signatures extensively throughout the protocol. The schnorrkel crate is used to provide the core Schnorr signature functionality.
frBTC and dxBTC Tokens
The frBTC and dxBTC tokens are both secured by Schnorr signatures. When a user wants to mint frBTC tokens, they must first lock up their BTC in a Bitcoin address that is controlled by the SUBFROST signer set. The private key for this address is a Schnorr key that is held by the signers.
When a user wants to redeem their frBTC tokens for BTC, they must submit a request to the SUBFROST network. The SUBFROST signers will then use their Schnorr key to sign a Bitcoin transaction that sends the BTC to the user's address.
The schnorrkel Crate
The schnorrkel crate is a pure-Rust implementation of Schnorr signatures. It provides a simple and easy-to-use API for creating and verifying Schnorr signatures.
The subfrost-core crate uses the schnorrkel crate to implement the FROST and ROAST signing protocols. The schnorrkel crate is also used to create the Schnorr signatures that are used to secure the frBTC and dxBTC tokens.