Support for CGGMP threshold ECDSA scheme (eprint 2021/060)

[tarcieri]

I'm not sure if there's a pithy name for this paper. I've been using "GG'21" to describe it, but it includes some improvements over GG'20:

https://eprint.iacr.org/2021/060

I was curious about your feedback on it and if you think there are any ideas worth incorporating.

[ggutoski]

I think the cool kids are calling it "CGGMP". Some notes:

• We don't have time at the moment to implement it but it remains a possibility for the future.
• So far, I think it's an improvement upon GG20 (eg. it fixes the delta_inv bug in GG20 #110 , has a security proof in the UC model).
• It is less battle-tested than GG20, less understood by the community at large. (eg. no implementations yet, UC security proofs are notoriously hard to read and understand.)

[tarcieri]

I believe this implements it: https://github.com/taurusgroup/multi-party-sig

[luca992]

Also I'm wondering about how safe this implementation is. Are more recent exploits such as handled?

https://cointelegraph.com/press-releases/verichains-discovers-critical-key-extraction-attacks-in-mpc-wallets https://blog.arcadia.agency/unveiling-the-secrets-of-binances-tss-adoption-vulnerabilities-and-security-analysis-4c2fd2bf2d9a

Also I found this if anyone else is looking https://github.com/webb-tools/cggmp-threshold-ecdsa