partysig

A command-line tool for creating and verifying distributed multi-party signatures.

Installation

$ pip install partysig

Usage

Key generation

On one machine, run:

$ partysig keygen start

On the other machines, run:

$ partysig keygen join

Signing

On the machine with the file to sign, run:

$ partysig sign start FILE

On the other machines, run:

$ partysig sign join

Verifying signatures

Run:

$ partysig verify FILE SIGNATURE

Design

The current signature version (v1) implements Bitcoin-style multi-sig, where the overall multisignature contains:

• The number of signatures required for the multisignature to be valid
• The public keys allowed to create signatures
• Signatures from a subset of those keys

The first two parts together are equivalent to a Bitcoin script, and are similarly hashed to get the "master key" for the multi-party signature group. Ed25519 is used for the individual signatures, and BLAKE2b is used for creating the master key.

Signature format

Version    (1-byte uint)     \
Threshold  (1-byte uint)      |_ Hashed to obtain
Size       (1-byte uint)      |  the master key
Pubkeys    (32 x size bytes) /
Signatures (64 x threshold bytes)

Acknowledgements

• Joanna Rutkowska asked the question that prompted the creation of this tool.
• Brian Warner wrote Magic Wormhole, which is a key component to this tool's usability.