Please describe your proposed solution.

Threshold signatures are a cryptographic technique where a group of participants collaboratively create a signature without relying on a single individual's private key. It enhances security and resilience. Participants each hold a share of the private key and combine them to generate a valid signature. Threshold signatures offer distinct advantages over both single-key signatures and multi-signature scripts in the context of a blockchain application. A great introduction may be found in the Coinbase blog article on threshold signatures.

Compared to single-key signatures, threshold signatures enhance security and resilience. With a single key, if it is compromised or lost, the entire system's security is jeopardized. In contrast, threshold signatures distribute the signing authority among multiple participants, each holding a share of the private key. This means that even if some participants' key shares are compromised or unavailable, as long as the required threshold number of participants is active, a valid signature can still be generated. This significantly reduces the risk of a single point of failure and improves the overall security of the blockchain system.

Additionally, compared to multi-signature scripts, threshold signatures offer advantages in terms of efficiency and scalability. In a multi-signature scheme, each transaction input requires multiple signatures, resulting in larger and more complex transactions. In contrast, threshold signatures allow for a single aggregated signature to represent the combined authorization of multiple participants. This results in smaller blockchain transactions, reduces transaction fees, and improves the overall efficiency of the blockchain network.

By combining enhanced security and resilience with improved efficiency and scalability, threshold signatures provide a compelling solution for blockchain applications, addressing the limitations of both single-key signatures and multi-signature scripts. They offer increased security against key compromise and enable more streamlined and cost-effective transaction processing on the blockchain.

Threshold signatures can be implemented using the same underlying cryptographic algorithm as Cardano's default Ed25519 signatures. Ed25519 is a widely used and well-regarded elliptic curve algorithm known for its efficiency and security. Threshold signatures can be constructed using Ed25519 keys, making them compatible with the existing infrastructure of the Cardano blockchain. Moreover, the verification algorithm for threshold signatures remains the same as the standard Ed25519 signature verification algorithm. This compatibility simplifies the integration of threshold signatures into the Cardano ecosystem, allowing for enhanced security and resilience without requiring changes to the underlying verification mechanisms.

Our proposed solution involves implementing the necessary threshold signature tooling to generate signatures that are compatible with Cardano wallets. We will leverage the existing Ed25519 signature capabilities of our C++ library Viper25519. The Viper25519 toolset will be expanded to include the required functionalities for key splitting and generating valid signatures from a subset of keys (M of N sub-keys, where M is less than or equal to N). These threshold signatures will be verifiable using the standard Ed25519 signature verification, ensuring compatibility with the Cardano blockchain. To validate the functionality, we will create a CLI tool that can generate a split key, corresponding public key, payment address, and perform transaction building and signing. It's important to note that this tool will not include a secure messaging protocol for multiple users to combine signatures. The entire codebase will be open source.

How does your proposed solution address the challenge and what benefits will this bring to the Cardano ecosystem?

This project will provide product developers coming to the Cardano ecosystem with verified tooling and reference implementations upon which to build secure dApps and other integrations using threshold signature technology. Threshold signatures represent an advancement over multi-signature scripts when multi-factor authentication is desired for enhanced security. The availability of such tooling will make Cardano an attractive candidate to builders.

How do you intend to measure the success of your project?

Success for this project will be measured by the ability to showcase successful transactions on the Cardano testnet using a threshold signature wallet. A further metric will be potential follow on projects that will rely on the successful completion of the proposed tooling.

Please describe your plans to share the outputs and results of your project?

The project code will be open-source and available on the Viper Science Gitlab and Github pages. Details of the project will be documented in a blog post and shared via the Viper Science social media outlets.

What is your capability to deliver your project with high levels of trust and accountability?

The Viper Science team has been an active contributor to the Cardano community for over four years. In addition to operating stake pools since the Incentivized Testnet, we have developed several open source tools for Cardano developers and SPOs. Three of these projects have been successfully funded through Catalyst in the past:

• Cardano-Tools Python Library (<https://projectcatalyst.io/funds/8/f8-open-source-development-ecosystem/cardano-tools-python-library>)
• Cardano development library in C++ (<https://projectcatalyst.io/funds/8/f8-open-source-development-ecosystem/cardano-development-library-in-c>)
• API for Multi-Delegation Portfolios (<https://projectcatalyst.io/funds/6/f6-dapps-and-integrations/api-for-multi-delegation-portfolios>)

A complete list of our contributions can be found at <https://viperscience.com/>. Additionally, our team has the domain expertise required to be successful with the proposed work, as we have already laid out much of the groundwork in our Viper25519 project. Details about the team members’ technical backgrounds are included below.

What are the main goals for the project and how will you validate if your approach is feasible?

The feasibility of this project will be determined with an in-depth literature survey, which is already underway and has determined feasibility with enough certainty to implement this proposal.

The main goal of this project is to develop tooling to compute threshold signatures compatible with Cardano wallets. The capability will be verified by successful transactions between threshold and non-threshold wallets on the Cardano testnet.

Please provide a detailed breakdown of your project’s milestones and each of the main tasks or activities to reach the milestone plus the expected timeline for the delivery.

The milestone timelines are decoupled from the hourly price in ADA since it is assumed development will not be full time due to staff allocations. Please see the budget breakdown for estimated hours per task.

Milestone 1 - Direct Key Splitting and Signature [20 weeks, 27,390 ADA]

Implement functionality to split an extended Ed25519 key into multiple sub keys, generate a signature with all sub keys, and finally verify the signature against the public key corresponding to the original private key.

1. Algorithm to split an Ed25519 private key into multiple shares. [8 weeks]
2. Elliptic curve functionality for signature steps and value sharing. [8 weeks]
3. Signature combination and verification. [4 weeks]

Milestone 2 - Shamir Secret Sharing [20 weeks, 18,260 ADA]

Implement Shamir Secret Sharing functionality to split a private key into N sub-keys and set a threshold of M sub-keys required to create a valid signature (M &lt;= N). Generate signatures and test validity.

1. Lagrange polynomial functionality implementation for secret share generation. [8 weeks]
2. Modification of signature steps to include the polynomial coefficients. [8 weeks]
3. Signature combination and verification. [4 weeks]

Milestone 3 - CLI Tool and Testnet Transaction [12 weeks, 9,130 ADA]

With the initial infrastructure built and tested, create a simple CLI tool that will enable a user to test the functionality by generating split keys and creating signatures from those keys. Use the tool to automate test transactions on the Cardano testnet.

1. CLI tool creation exposing the functionality completed at earlier milestones. [6 weeks]
2. Scripts to generate and validate testnet transactions. [6 weeks]

Please describe the deliverables, outputs and intended outcomes of each milestone.

Milestone 1

• Deliverables: Direct key splitting and signatures.
• Outputs: Open source code pushed to the public repository including passing test cases.
• Intended outcomes: At this stage, the code for direct key splitting and threshold signatures will be complete and a high degree of confidence in the eventual success of the project will be achieved.

Milestone 2

• Deliverables: Shamir Secret Sharing.
• Outputs: Open source code pushed to the public repository including passing test cases.
• Intended outcomes: At this stage, the code for all intended functionality will be complete and in a simple to use form (a library). The code will be ready for integration with tooling for the final milestone.

Milestone 3

• Deliverables: Threshold signature CLI tool and example testnet transactions.
• Outputs: Open source repository of the CLI tool. Documentation of the testnet transactions and example scripts.
• Intended outcomes: Display project success and provide tooling to the community.

Please provide a detailed budget breakdown of the proposed work and resources.

The project team consists of engineers with advanced degrees, each with over ten years of professional experience developing and building complex systems in research & development environments. As a baseline labor rate, we are using a relatively conservative rate of $63.91, which is the mean hourly wage for software developers in the US according to the US Bureau of Labor Statistics.

Budget breakdown:

• Labor ($15,338.40):
• Milestone 1: 120 hours
• Milestone 2: 80 hours
• Milestone 3: 40 hours
• Materials ($0):
• No materials required

Assumed $/ada exchange rate: $0.28

Total project cost: 54,780 ADA

Who is in the project team and what are their roles?

The Viper Science team members are:

Dylan Crocker, PhD: Engineer & developer (<https://www.linkedin.com/in/dylan-andrew-crocker/>)

Dylan is an Electrical Engineer with experience in antenna and radar system design as well as software development. He earned a PhD in Electrical Engineering, with a minor in Computer Science, from Georgia Tech. His PhD research focused on ultra-wideband antenna design. Dylan got started building in the Cardano ecosystem when running a stake pool during the Incentivized Testnet in 2019. His most recent work includes an open source implementation of Cardano primitives written in modern C++.

Willie Marchetto: Engineer & developer (<https://www.linkedin.com/in/willie-marchetto-2268aa266/>)

Willie is a computer & astronautical engineer experienced in designing, developing, integrating, & deploying electronics and software for satellites, embedded devices, and traditional compute systems. His technical contributions span the areas of high-performance computing, web application development, DevOps system administration, satellite electronics design, embedded systems software/firmware, and machine learning algorithm development. Willie has been an active Cardano developer and stake pool operator since 2019 and is currently the chief engineer for research & development at an aerospace engineering contracting company.

How does the cost of the project represent value for money for the Cardano ecosystem?

Investing in this R&D effort will provide Cardano developers access to a reference implementation of advanced cryptographic primitives that provide increased application security and decentralization. Therefore it is our belief that the project cost represents excellent value for money for the Cardano ecosystem for the following key reasons:

• Advanced cryptographic protocols attract developers who require enhanced security. Developers are already drawn to Cardano for its high assurance code base and security features. Threshold signatures pair well with Cardano’s security-focused milieu.
• Threshold signatures for extended Ed25519 keys enhance security for dApps and wallets by requiring multiple parties to create a valid signature (multi-factor authentication).
• Threshold signatures reduce transaction bloat and validation steps (CPU processing time). While such improvements may be marginal, they become significant when considering billions of transactions.