On November 6, CZ published a tweet, where he declared:
“I believe TSS (threshold signatures scheme) will reshape the landscape for wallets and custodian services. It is far superior to multi-sig.”Changpeng Zhao
However, on November 6 itself, Binance has released an open-source implementation of its Threshold Signature Scheme (TSS) library for Elliptic Curve Digital Signature Algorithm (ECDSA): in layman’s terms, a new cryptographic protocol for distributed key generation and signing which will reportedly help wallet providers and custodians to avoid single points of failure in private keys within distributed key management.
The exchange explains:
“TSS allows users to define a flexible threshold policy. TSS technology allows us to replace all signing commands with distributed computations so that the private key is no longer a single point of failure. For example, each of three users could receive a share of the private signing key, and in order to sign a transaction, at least two of the three users will need to join to construct the signature.”
Likewise, TSS is implemented off-chain, unlike multi-signature protection, thereby using fewer resources and reducing potential attack surfaces.
Binance claims that threshold signatures will mean that a single compromised device which will not put a user’s assets at risk. For business operators, it can help to cement access control policies that purportedly prevent both insiders and outsiders from stealing corporate funds.
However, Binance invited Kudelski Security, a Cybersecurity Solutions Provider, to conduct a third-party audit of the cryptography and code in the Binance TSS library, which reportedly found that “none of the issues found in the frame of this audit could be exploited” to “completely break the security of the scheme, or recover secret data.”
Thus, Kudelski entered a strategic partnership with smart contracts auditing firm Hosho earlier this year to combine their skill sets in order to meet the increasingly complex security demands of the blockchain sector.
Source: binance.vision | docs.binance.org | cointelegraph.com