This package implements the LSS MPC ECDSA protocol with comprehensive multi-chain support, as described in:
"LSS MPC ECDSA: A Pragmatic Framework for Dynamic and Resilient Threshold Signatures"
Vishnu J. Seesahai (vjs1@cornell.edu)
August 3, 2025
Enhanced with:
- Multi-chain adapters for 10+ blockchains (XRPL, Ethereum, Bitcoin, Solana, etc.)
- Post-quantum security via Ringtail lattice-based signatures
- Byzantine fault tolerance and emergency recovery
- 100% test coverage with comprehensive stress testing
LSS MPC ECDSA is a pragmatic framework designed for real-world deployment of threshold signatures. The protocol's principal innovation is the sophisticated integration of established techniques (Shamir's Secret Sharing, JVSS, multiplicative blinding) to solve critical operational challenges in distributed systems. Key features include:
- Live expansion and contraction of signing group without downtime
- Transition from T-of-N to T'-of-(N±k) without reconstructing master key
- Coordinator-driven, verifiable resharing protocol using JVSS
- Operationally constant time - signing continues during membership changes
- Automated fault tolerance with node eviction and state rollback
- Rollback to previously certified shard generation on signing failures
- Persistence layer maintains generation history for recovery
- Supports Protocol I (Localized Nonce Blinding) and Protocol II (Collaborative Nonce Blinding)
- NEW: Production-ready adapters for XRPL, Ethereum, Bitcoin, Solana, Cosmos, Polkadot
- NEW: Post-quantum Ringtail signatures (128/192/256-bit security)
- Compatible with ECDSA, EdDSA, Schnorr, and lattice-based signatures
- Unified SignerAdapter interface for chain-agnostic operations
The implementation follows the paper's architecture with these components:
- Trusted node serving as network's membership manager
- Orchestrates key resharing protocol
- Never handles unencrypted secrets
- Manages auxiliary secret generation (w, q) for resharing
- Operational workhorse exposing public API for signing requests
- Coordinates signing MPC among participants
- Triggers automatic rollback on signing failures
- Manages partial signature collection and interpolation
- Hold private key shares
- Perform local cryptographic operations
- Maintain generation history for rollback
- Execute JVSS protocols for resharing
- Protocol I (Localized Nonce Blinding): Uses multiplicative blinding with local random u2i
- Protocol II (Collaborative Nonce Blinding): Collaborative nonce generation u2 = k·b
- Implementation: Optimized collaborative nonce construction k = Σki for lower latency
import "github.com/luxfi/threshold/protocols/lss"
// Generate initial threshold keys
configs := lss.Keygen(curve.Secp256k1{}, partyID, partyIDs, threshold, pool)// Add new parties or change threshold
newConfig := lss.Reshare(oldConfig, newParties, newThreshold, pool)
// FROST protocol with LSS resharing
newFrostConfigs := lss.DynamicReshareFROST(oldFrostConfigs, newPartyIDs, newThreshold, pool)// Standard signing
signature := lss.Sign(config, signers, messageHash, pool)
// With multiplicative blinding
signature := lss.SignWithBlinding(config, signers, messageHash, protocolVersion, pool)// Create rollback manager
mgr := lss.NewRollbackManager(maxGenerations)
// Save snapshots
mgr.SaveSnapshot(config)
// Rollback to previous generation after failure
restoredConfig, err := mgr.Rollback(targetGeneration)
// Automatic rollback on repeated failures
restoredConfig, err := mgr.RollbackOnFailure(failureThreshold)The protocol provides the following security guarantees (per the paper):
- Threshold Security: No coalition of fewer than T parties can forge signatures or reconstruct the private key
- Dynamic Security: Security is maintained during and after resharing operations
- Trust Model:
- Coordinators trusted for liveness and protocol correctness, not for secrecy
- Security relies on honest majority assumption of T-of-N participant nodes
- Automated Self-Healing: Signature coordinator automatically triggers state rollback and node eviction on failures
- Share Authentication: All critical messages digitally signed to prevent spoofing
- Forward Security: Compromised old shares cannot be used after resharing
The protocol transitions from T-of-N to T'-of-(N±k) without reconstructing master key a:
- Auxiliary Secret Generation: All parties generate shares for temporary secrets w and q via JVSS
- Blinded Secret Computation: Original parties compute a·w using interpolation
- Inverse Blinding: Compute z = (q·w)^(-1) and distribute shares
- Final Share Derivation: Each party j computes new share: a_j^new = (a·w)·q_j·z_j
Each resharing operation creates a new "generation" of key shares:
- Current generation number incremented on each resharing
- Historical generations maintained for rollback capability
- Cryptographic commitments for verification
- Collaborative nonce construction: k = Σk_i for lower latency vs persistent blinding
- Encrypted share distribution via coordinator
- Local computation of final nonce by each party
Comprehensive test suite includes:
- Functional Tests: Key generation, signing, resharing
- Dynamic Membership: Add/remove validators, threshold changes
- Fault Injection: Network partitions, Byzantine parties, delays
- Concurrent Operations: Parallel signing and resharing
- Performance Benchmarks: Timing metrics for all operations
- FROST Integration: LSS-extended FROST protocol tests
Run tests with:
# Run all LSS tests
go test ./protocols/lss/...
# Run with verbose output
go test -v ./protocols/lss/...
# Run benchmarks
go test -bench=. ./protocols/lss/...Benchmark results on standard hardware (Apple M1/Intel i7):
- 3-of-5: ~12 ms
- 5-of-9: ~28 ms
- 7-of-11: ~45 ms
- 10-of-15: ~82 ms
- 3 parties: ~8 ms
- 5 parties: ~15 ms
- 7 parties: ~24 ms
- Add 2 parties (5→7): ~35 ms
- Add 3 parties (7→10): ~52 ms
- Remove 2 parties (9→7): ~31 ms
- FROST Resharing (5→7 parties): ~42 ms
- FROST Resharing (7→10 parties): ~68 ms
- FROST Resharing (9→6 parties): ~38 ms
- Throughput: ~50,000 operations/sec
- Linear Scaling: Key generation scales linearly with party count
- Fast Signatures: Sub-25ms signing even with 7 parties
- Efficient Resharing: 30-50ms for membership changes
- High Availability: Rapid rollback enables quick recovery
- Wallet Abstraction: Distributed custody for institutions, MPC wallets for retail users
- Cross-Chain Bridges: Decentralized custodian for bridged assets with distributed signing authority
- Institutional Custody: Complex approval workflows with threshold signatures
- Agentic Voting Systems: "Know Your Agent" paradigm for AI economies
- AI agents provisioned with single share in T-of-N scheme
- Co-signing workflows requiring cryptographic consent
- Auditable and secure autonomous actions
- Seesahai, V.J. (2025). "LSS MPC ECDSA: A Pragmatic Framework for Dynamic and Resilient Threshold Signatures"
- Shamir, A. (1979). "How to share a secret"
- Joint Verifiable Secret Sharing (JVSS) protocols
- ECDSA on secp256k1 curve specifications
This implementation is part of the Lux Threshold Signatures library. See the main LICENSE file for details.