Offshift Dev Update, Mid-October 2021: Schnorr's Multi-Signature Algorithm


Offshift is working with Zokyo to develop the platform that will finally bring private finance, or PriFi, live.

Here’s a progress update for mid-October, 2021.

Zokyo continues to work on the cryptography for Offshift’s platform, specifically the implementation of Schnorr’s multi-signature algorithm. This protocol enables a group of signers to produce a short, joint signature on a common message, thus solving security, privacy, and efficiency problems in blockchain.

Schnorr’s Multi-Signature Algorithm allows for the aggregation of multiple signatures and their corresponding keys into a single signature and a single key. Verification of the aggregate is done in the cryptography layer (vs. the scripting layer).

Let’s imagine a situation that reveals the value of Schnorr’s Multi-Signature Algorithm when transferring funds between parties. Alice wants to transfer funds to Bob and Carol. To do this, they all must sign off on the transaction. Bob and Carol must be involved in payment creation because they have to generate their secrets for future commitments.

Different algorithms, ranging from the simplest to most complex, can verify this kind of transaction. The simplest method is for parties to sign off on the transaction separately and then concatenate signatures. However, this creates an issue of space because the signature size grows linearly with the number of participants. Other solutions also have their disadvantages. So, to avoid wasting resources on the SC side and make this aspect more secure, protocols can utilize Schnorr’s algorithm to efficiently aggregate signatures.

Schnorr’s multi-signature algorithm assumes that one of the participants plays the role of the leader, who is responsible for creating the common parameters and the signature. In our case, Alice will be the leader.

Let’s define the following:

  • x1, x2, … are private keys of each participant with corresponding public keys X1, X2, … (Xi = xiG, with G the generator);
  • m - message to be signed;
  • H() - hash function;
  • L = H(X1,X2,…).

The algorithm looks as follows:

  1. First, the participants send their Xi to the leader. The leader then calculates the aggregated public key X = sum(H(L, Xi)*Xi).
  2. Then each participant generates a new key pair: Ri = ri*G.
  3. The next step is optional: each participant commits their Ri. This step can be conducted for more privacy.
  4. The leader receives each Ri and, in their turn, generates common R = sum(Ri). Then they send R and X to other participants.
  5. Each signer computes si = ri + H(X,R,m)*H(L,Xi)*xi and sends it to the leader. As the last step, the leader aggregates the signature (R,s), where s is the sum of the si values.
  6. Verification can be done in this way: sG = R + H(X,R,m)*X

Below, the Zokyo team has provided a visual interpretation of the Schnorr signature scheme Offshift is using:

If you’d like to learn more about our development with Zokyo, tune into the Offshift Developer Community Calls on the last Thursday of every month at 12PM ET! Join our Discord to listen in and chat more with our community.
