One of the most anticipated cryptography functions in the world of Bitcoin is the well-known Signature Aggregation or Signature Aggregation. This is a function that seeks to expand and improve the digital signature capabilities of this cryptocurrency. But what exactly is Signature Aggregation? Well, let’s take a deep look at this technology.
Signature Aggregation, a new way to make digital signatures
When we talk about Signature Aggregation (SA or Signature Aggregation), we refer to a new cryptographic technique or protocol that seeks to expand the capabilities of digital signature. More specifically, Signature Aggregation seeks to make such signatures can be grouped and compressed in a unique way, but that can be verified at all times if necessary. In this way, the signatures that make up an SA can be represented in a single digital signature, but said SA can help us to correctly validate the data assigned to each of the digital signatures within that same SA.
Sounds complex, right? It certainly is, but behind the complexity lies a very simple reasoning that we will quickly explain with this example:
Imagine for a moment that you have a digital document that has to receive three digital signatures. If the document receives the digital signatures of these people, anyone who can read its metadata can see whose signatures they are, and not only that, the document itself has increased in size in terms of storage we speak.
But what would happen if we apply a Signature Aggregation or Signature Aggregation? Well, in that case, the three people who sign the document do so in the normal way, but as the signatures are joined, the algorithm joins them to generate a single digital signature, which is then joined to the digital document. With this, firstly, we sign the document and it can be validated, secondly, no one will be able to know exactly who are the ones who signed the document, but it is still valid, and thirdly, now the document only has a digital signature , takes up much less storage space.
A technology to improve the security of our transactions
This is exactly what a Signature Aggregation does, and it is perfect to be used in blockchain technology, especially in multi-signature transactions or other multi-signature operations since it allows us to save storage space in the blocks, thereby improving scalability, and at the same time, improving network privacy by protecting our digital signatures in a publicly auditable environment such as a blockchain.
With this we can clearly see why there is so much interest in implementing such technology in Bitcoin and other cryptocurrencies, something that is closer than it seems.
Aggregation of signatures and Schnorr signatures
In another article we have talked about Schnorr signatures and the great interest in implementing them in Bitcoin. Well, part of that interest is directly related to the Signature Aggregation (SA). The reason? Schnorr signatures were designed from the ground up to support these kinds of features. This makes them ideal for this type of cryptographic techniques.
In fact, Schnorr signatures would allow to take the Aggregation of Signatures in Bitcoin much further, allowing that individual transactions with multiple entries and, therefore, with different signatures for each entry, can be represented by a single digital signature of this type. This feature is known as Cross-input Aggregation, and it can help save up to 30% of space on Bitcoin blocks. A situation that would allow an increase in space to introduce more transactions in each block, improving the scalability of the network. Not to mention the privacy achieved by this system, since it is impossible to trace individual signatures from this single signature, making it impossible to track signatures with their corresponding entries within each transaction. Although, this Cross-input Aggregation scheme may not be seen in bitcoin ever, due to what Gregory Maxwell explains in an extensive thread on Bitcointalk.
However, in Bitcoin most developers agree that Signature Aggregation is vital, and this would go hand in hand with technologies such as the Schnorr and Taproot signatures, where it could fully exploit its capabilities. And it is that we remember that, the objective of Taproot is to enable better and more complex scripts within Bitcoin. Scripts that
of course are accompanied by digital signatures, and that could be replaced by an Aggregation of Signatures without major problems.
Advantages and disadvantages of Signature Aggregation
Now, let’s examine a little what are the advantages and disadvantages that arise with this new system of digital signatures. In the case of its advantages we can mention:
- Greatly reduces the size of the digital signature section for multi-signature transactions. This allows saving space within the blocks so that other transactions are placed within it, thus improving the scalability of the network.
- Signature verification is faster and more efficient. This is because only one signature must be verified instead of several signatures at the same time. This reduces the need for power for this task.
- Third, anonymity is optimized to some extent. This is because the aggregate signature is a composite of individual signatures belonging to individual users. However, it is impossible to know which of those signatures were the origin of the aggregate signature.
- Signature Aggregation is a fundamental pillar for technologies such as MAST, Taproot, Grafroot, in addition to opening the doors to new improvements for second layer protocols, atomic swaps and other on-chain implementations.\
However, due to disadvantages we can mention:
- It is quite a complex implementation to do. In fact, the Bitcoin development team has been working on this implementation for about two years and it is still in development.
- Careful implementation is required to prevent certain attack vectors that would enable unauthorized spending of funds. This is possible if a fake signature aggregate scheme is used in a type of attack known as Rogue Attack. What this attack does is, in a way, “forge” a digital signature. This forces the other party to reveal information that could be used against them. With this information, the attacker can trivially calculate a valid digital signature for an aggregate signature scheme. That way, he can effectively steal money from an address that is not under his control. This is one of the reasons for the careful implementation of aggregate signatures in Bitcoin.
- There is the possibility of using signature aggregation to cover all transactions within a block. However, this puts the security of Bitcoin and any cryptocurrency that implements such a feature at serious risk. This is because, if an attacker succeeds in carrying out a Rogue Attack, or discovers some other flaw in the implementation, he could easily steal the funds from that block or series of blocks.