Signers (DKLs23)
Signers in the Surge network handle cryptographic key operations using the DKLs23 EdDSA/ECDSA scheme, optimized for scalability and security. This scheme employs Oblivious Transfer-based Multiplication (OT Mul), offering reduced computational overhead compared to traditional methods like Paillier, which is essential for the network's large scale and decentralized nature.
Decentralized Key Management with TSS
Signers operate within a Threshold Signature Scheme (TSS) network, distributing cryptographic keys across multiple nodes to avoid centralized control. This decentralization prevents any single party from gaining control over private keys, which strengthens security compared to Bitcoin’s native multisig.
The DKLs23 with TSS ensures signing remains secure even if a portion of nodes behave maliciously, similar to the robustness guarantees offered by ROAST.
The Signers are also responsible for BTC Vault and Bridge operations, enabling secure cross-chain transfers. The decentralized bridge allows users to peg-in and peg-out BTC with DKLs23 signatures ensuring only a threshold of honest participants are needed to complete transactions.
Enhanced Security and Efficiency
- Distributed Key Generation (DKG): Keys are generated across the TSS network, with no party holding full control. This setup enhances security by distributing key authority.
- Proactive Key Refresh: Regular rotation and refreshment of keys mitigate exposure risks. This continuous refresh ensures keys are resilient, even if individual nodes are compromised.
Proactive Key Refresh
- Weighted Node Participation: Nodes within the TSS are weighted based on stake, reputation, and performance, prioritizing reliable nodes and reducing latency in signing.
- Malicious Node Detection and Slashing: DKLs23 includes mechanisms to detect and penalize malicious behavior. Any node found acting improperly can face slashing, where its staked assets are forfeited, preserving network integrity.
Economic guarantee of TSS Network
Why TSS over Bitcoin’s Native Multisig?
While Bitcoin’s multisig provides basic transaction security by requiring multiple signatures, it lacks the decentralized structure and robustness of TSS. With MPC TSS, Surge eliminates single points of failure by distributing control across numerous nodes. This ensures the secure management of zk-proof inscriptions on Bitcoin and maintains high security and efficiency without the privacy and data overhead issues associated with scripted multisigs like P2MS and Tapscript.