Before Bitcoin can mature as a currency, the security of wallets must be improved. Previously, I motivated the need for sharing Bitcoin wallets using threshold signatures as a means to greatly increase their resilience to theft. For corporate users, threshold signatures enable cryptographically secure access control. For individuals, threshold signatures can be used to build two-factor secure wallets.
Our work was predicated on the assumption that there exist threshold signature schemes that are compatible with Bitcoin. Indeed, there are various threshold signature schemes that meet this requirement. But it turns out that there are a number of desirable properties of such schemes, and each alternative satisfies some subset of them. In this technical post, I’ll examine the desirable properties and how each available solution fares. While no scheme is suited to all possible applications, it appears that almost every use case can be satisfied by one of the schemes I describe.