Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Optimal Threshold Signatures in Bitcoin

Korok Ray, Sindura Saraswathi

TL;DR

The paper tackles the problem of optimally choosing a threshold $\tau$ in $m$-of-$n$ threshold signatures for Bitcoin to balance attacker resistance against user usability. It develops both static and dynamic models, deriving closed-form thresholds under specific probability forms $p(\tau)$ and $q(\tau)$ and showing how these thresholds respond to changes in security $b$ and usability parameters $a$, as well as to time-decaying access probabilities with $\lambda$ and $\gamma$. The dynamic model introduces a multi-stage contract with time-dependent probabilities, proving that optimal thresholds tend to degrade over time while timelocks adjust in response to security and exposure, and that under certain attacker-growth scenarios, threshold behavior can shift. Simulations corroborate the theory, illustrating how $\tau^{*}$ and stage thresholds evolve with $a$, $b$, and temporal decay rates, and demonstrating practical Taproot implementations and simulations on test networks. Overall, the work provides a principled framework for designing dynamic, time-locked threshold contracts on Bitcoin that adapt to evolving security and usability conditions, with tangible tooling and a pathway toward broader integration with Taproot and second-layer protocols.

Abstract

We formulate the design of a threshold signature scheme as made possible on cryptocurrency protocols like Bitcoin. The funds are secured by an m-of-n threshold signature, where at least m signatures are needed to unlock the funds. A user designs this scheme knowing that a malicious attacker can also obtain the signatures with some probability. Higher thresholds offer more security, but also risk locking the user out of his own funds. The optimal threshold balances these twin effects. Interventions like increasing the security or usability of the signatures allow for higher thresholds. We model dynamic threshold signature schemes, where the probability of a user or attacker obtaining signatures decays with time. A dynamic threshold signature scheme is optimal, and increasing security or usability allows for higher thresholds and longer time locks.

Optimal Threshold Signatures in Bitcoin

TL;DR

The paper tackles the problem of optimally choosing a threshold in -of- threshold signatures for Bitcoin to balance attacker resistance against user usability. It develops both static and dynamic models, deriving closed-form thresholds under specific probability forms and and showing how these thresholds respond to changes in security and usability parameters , as well as to time-decaying access probabilities with and . The dynamic model introduces a multi-stage contract with time-dependent probabilities, proving that optimal thresholds tend to degrade over time while timelocks adjust in response to security and exposure, and that under certain attacker-growth scenarios, threshold behavior can shift. Simulations corroborate the theory, illustrating how and stage thresholds evolve with , , and temporal decay rates, and demonstrating practical Taproot implementations and simulations on test networks. Overall, the work provides a principled framework for designing dynamic, time-locked threshold contracts on Bitcoin that adapt to evolving security and usability conditions, with tangible tooling and a pathway toward broader integration with Taproot and second-layer protocols.

Abstract

We formulate the design of a threshold signature scheme as made possible on cryptocurrency protocols like Bitcoin. The funds are secured by an m-of-n threshold signature, where at least m signatures are needed to unlock the funds. A user designs this scheme knowing that a malicious attacker can also obtain the signatures with some probability. Higher thresholds offer more security, but also risk locking the user out of his own funds. The optimal threshold balances these twin effects. Interventions like increasing the security or usability of the signatures allow for higher thresholds. We model dynamic threshold signature schemes, where the probability of a user or attacker obtaining signatures decays with time. A dynamic threshold signature scheme is optimal, and increasing security or usability allows for higher thresholds and longer time locks.

Paper Structure

This paper contains 21 sections, 12 theorems, 197 equations, 6 figures.

Table of Contents

  1. Introduction
  2. Application to Bitcoin
  3. Related Work
  4. The Model
  5. The Optimal Threshold
  6. Dynamic threshold signature
  7. Simulation
  8. Conclusion
  9. Appendix
  10. PROOF OF PROPOSITION \ref{['prop1']}
  11. PROOF OF COROLLARY \ref{['cor1']}
  12. PROOF OF PROPOSITION \ref{['prop2']}
  13. PROOF OF PROPOSITION \ref{['prop3']}
  14. PROOF OF COROLLARY \ref{['cor2']}
  15. PROOF OF COROLLARY \ref{['cor6']}
  16. ...and 6 more sections

Key Result

proposition thmcounterproposition

With probability functions $p(\tau) = 1 - \frac{a}{2}\tau^{2}$ and $q(\tau) = 1 - \frac{b}{2}\tau^{2}$, the optimal threshold signature scheme is

Figures (6)

  • Figure 1: Probability and loss tables
  • Figure 2: The attacker’s, user’s, and total expected loss functions
  • Figure 3: An example of a dynamic threshold signature.
  • Figure 4: Relationship between $\tau^{*}$, $a$, and $b$ (\ref{['prop1']})
  • Figure 5: Relationship between $\tau^{*}_{1}$, $\tau^{*}_{2}$, $a$, and $b$ (\ref{['prop2']})
  • ...and 1 more figures

Theorems & Definitions (12)

  • proposition thmcounterproposition
  • corollary thmcountercorollary
  • proposition thmcounterproposition
  • proposition thmcounterproposition
  • corollary thmcountercorollary
  • corollary thmcountercorollary
  • corollary thmcountercorollary
  • corollary thmcountercorollary
  • corollary thmcountercorollary
  • corollary thmcountercorollary
  • ...and 2 more