Digital Signature Algorithms
io.finnet technology works with multiple digital signature standards
Digital signatures are a cryptographic primitive that underpins the security of blockchains and digital asset custody solutions like io.vault. They provide three key properties:
- Authentication - Verifying the identity of the signer
- Non-repudiation - The signer cannot deny having signed the message
- Integrity - Detecting if the message has been altered since signing
io.vault supports two primary digital signature algorithms, the Elliptic Curve Digital Signature Algorithm (ECDSA) and the Edwards-curve Digital Signature Algorithm (EdDSA), plus BIP-340 Schnorr signatures on secp256k1 for Bitcoin Taproot. Let's explore in more depth.
Curve and Signature Support
io.vault supports the following algorithms and elliptic curves.
| | ECDSA | EdDSA | BIP-340 (Schnorr) |
|---|---|---|---|
| Curve | secp256k1 / NIST P-256 | Edwards25519 | secp256k1 |
| COSE Name | ES256K / ESKEC256 / ESP256 | ED25519 | — |
| Threshold Algorithm | CGGMP21 | NIST IR 8214B | NIST IR 8214B |
| Public Key Size | 33 bytes (compressed) | 32 bytes | 33 bytes (compressed); 32 bytes x-only as used in BIP-340 signatures and Taproot outputs |
| HD Wallets | Yes, Unhardened | Yes, Unhardened | Yes, Unhardened |
| XPub Format | Standard BIP32 | BIP32-like with 00 prefix and 32-byte key | Standard BIP32 |
| Bitcoin Address Type | SegWit | — | Taproot |
| Example Chains | Bitcoin, Ethereum, XRPL | Solana, TON, Cardano, NEAR | Bitcoin Taproot, Polkadot |
Elliptic Curve Digital Signature Algorithm (ECDSA)
ECDSA is the signature scheme used in Bitcoin, Ethereum, and many other blockchains. It is defined over the group of points on an elliptic curve over a finite field.
Key facts about ECDSA:
- Relies on the assumed difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP)
- Uses a curve and base point G defined in a standard, e.g., secp256k1 in Bitcoin
- Private key is a random integer d in [1, n-1], where n is the order of G; public key is the curve point Q = d·G
- Signing involves generating a secret per-signature nonce k and computing a signature (r, s), where r is the x-coordinate of k·G mod n and s = k⁻¹(z + r·d) mod n for the message hash z. The nonce must be unpredictable and never reused: two signatures under the same key with the same k expose the private key with two lines of algebra, and even a few biased bits of k across many signatures are enough to recover it
- Verification checks that the x-coordinate of (z·s⁻¹)·G + (r·s⁻¹)·Q equals r mod n
ECDSA has good performance and short signatures (64 bytes as a raw (r, s) pair, around 70 bytes DER-encoded as in Bitcoin), making it well-suited for blockchain use. One caveat: the scheme is malleable, since (r, n - s) verifies whenever (r, s) does, which is why Bitcoin's LOW_S standardness rule and Ethereum (EIP-2) accept only the low-s form.
Edwards-curve Digital Signature Algorithm (EdDSA)
EdDSA is a more recent signature scheme (a Schnorr variant, standardised in RFC 8032) built on twisted Edwards curves. It was designed for high performance and, above all, to close the implementation pitfalls that have broken real ECDSA deployments.
Notable differences from ECDSA:
- Uses twisted Edwards curves, whose complete addition formulas have no special cases, so constant-time, branch-free implementations are straightforward
- Deterministic nonces: the per-signature nonce is derived by hashing a secret half of the expanded key together with the message, so a weak random number generator cannot produce the nonce reuse or bias that leaks ECDSA keys (the flip side is that a deterministic signer is an easier fault-injection target, which is why hedged variants that mix in randomness exist)
- Key-prefixed challenge: the challenge hash covers the commitment R, the public key A and the message, and RFC 8032 verifiers reject non-canonical S values, so signatures are not malleable the way an ECDSA (r, s) / (r, n - s) pair is
- Fixed-size 32-byte public keys and 64-byte signatures, and verification needs no modular inversion
EdDSA is seeing increasing adoption, particularly in newer blockchain platforms and protocols. The most common variant is Ed25519, which uses the curve edwards25519 (birationally equivalent to Curve25519) and the hash function SHA-512.
io.finnet supports both ECDSA and EdDSA across different blockchains. The MPC/TSS layer is agnostic in the sense that the same sharded-key model applies to every scheme; the threshold signing protocol itself is scheme-specific, as the table above shows (CGGMP21 for ECDSA, the NIST IR 8214B constructions for EdDSA and BIP-340).
Hierarchical Deterministic (HD) Wallets
HD wallets (defined in BIP32) allow a single seed to deterministically derive a structured tree of keypairs. io.vault fully supports HD wallet semantics across all supported curve types.
Key features of HD wallets in io.vault:
- Unhardened derivation is supported for all curve types (secp256k1, secp256r1, Ed25519), allowing public key derivation without knowledge of private keys. The standard BIP32 caveat applies: an xpub together with any one unhardened child private key beneath it is enough to recover the parent private key, so xpubs must be handled as sensitive material even though they contain no private key.
- BIP44 path structure (e.g., m/44/60/0/0/0) is used for adherence to chain-specific conventions. Because derivation is unhardened, the path carries none of the hardened markers (m/44'/60'/0') that BIP44 itself prescribes for the first three levels.
- XPub / XPrv formats are standardized:
  - For ECDSA: Standard BIP32 format with version bytes (xpub, ypub, etc.)
  - For EdDSA: BIP32-like format with a fixed 00 prefix and 32-byte keys
- XPrvs can be exported when all key shards are collected as part of a Disaster Recovery process.
- Secure key management: io.vault does not persist raw seeds but rather creates wallets with MPC-generated sharded seeds that are distributed across devices and kept in encrypted storage.
- Multi-chain support: A single HD wallet can derive keys across multiple blockchains and signature schemes, enabling multi-asset custody from one root.
Why HD wallets matter in secure custody:
- Operational scalability: A single seed gives access to billions of keypairs, all deterministically derived.
- Auditability: Clear derivation paths enable hierarchical access control, user-level partitioning, and deterministic tracking of key lineage.
- MPC compatibility: In io.vault, HD key derivation is performed under threshold control, so during normal operation no single party ever sees the root or a derived private key; the Disaster Recovery export of an XPrv described above is the deliberate exception and requires every key shard.
Note: io.vault's implementation of HD wallets ensures cryptographic isolation and full determinism across all derived keys, making it suitable for regulated institutions requiring deterministic audit trails and secure backup strategies, with many addresses stemming from a single MPC-secured seed.
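The following is an added worked example, not io.vault's or io.finnet's code, that ties together the ECDSA description above and the BIP32 unhardened derivation just described. It implements textbook ECDSA over secp256k1 with a caller-supplied nonce so that the nonce-reuse key recovery mentioned above can be shown, then reuses the same point arithmetic for BIP32 CKDpriv and CKDpub to show that an xpub alone derives the same child public key, and that an xpub plus a single child private key recovers the parent private key. The private key, nonce and chain code are constructed values, the function names are the example's own, and the scalar multiplication is variable-time, so none of this is production signing code.

```python
# Added example, not io.vault's code: textbook ECDSA on secp256k1 and BIP32 unhardened
# derivation on shared point arithmetic. All keys, nonces and chain codes are constructed.
import hashlib
import hmac
# secp256k1 domain parameters (SEC 2): field prime, group order, generator.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                  # Q + (-Q)
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P    # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt=G):
    """Double-and-add scalar multiplication (variable-time: demo only, never production)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def compress(pt):
    """SEC 1 compressed encoding: 02/03 parity byte + 32-byte x (33 bytes)."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def msg_hash(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def ecdsa_sign(d, msg, k):
    """Textbook ECDSA. The nonce k is caller-supplied only so that nonce reuse can be
    demonstrated; real signers draw k via RFC 6979 or a CSPRNG and never reuse it."""
    r = ec_mul(k)[0] % N
    return r, (msg_hash(msg) + r * d) * pow(k, -1, N) % N

def ecdsa_verify(Q, msg, sig):
    """Accept iff x((z/s)G + (r/s)Q) == r mod N."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    R = ec_add(ec_mul(msg_hash(msg) * w % N), ec_mul(r * w % N, Q))
    return R is not None and R[0] % N == r

def key_from_nonce_reuse(msg1, sig1, msg2, sig2):
    """Two signatures under one key sharing r (same k) leak d: k = (z1-z2)/(s1-s2), d = (s1*k-z1)/r."""
    (r, s1), (_, s2) = sig1, sig2
    z1, z2 = msg_hash(msg1), msg_hash(msg2)
    k = (z1 - z2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - z1) * pow(r, -1, N) % N

def bip32_il(K_par, c_par, i):
    """BIP32 unhardened step: HMAC-SHA512(c_par, serP(K_par) || i) -> (I_L, I_R)."""
    assert i < 2**31, "hardened indices need the parent private key"
    I = hmac.new(c_par, compress(K_par) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return int.from_bytes(I[:32], "big"), I[32:]

def ckd_priv(k_par, c_par, i):
    """CKDpriv: child key = (I_L + k_par) mod N, child chain code = I_R."""
    il, c_child = bip32_il(ec_mul(k_par), c_par, i)
    return (il + k_par) % N, c_child

def ckd_pub(K_par, c_par, i):
    """CKDpub: the same child's public key from the xpub alone, I_L*G + K_par."""
    il, c_child = bip32_il(K_par, c_par, i)
    return ec_add(ec_mul(il), K_par), c_child

def parent_from_xpub_and_child(K_par, c_par, i, k_child):
    """BIP32's caveat: xpub + any one unhardened child private key = parent private key."""
    il, _ = bip32_il(K_par, c_par, i)
    return (k_child - il) % N

def demo():
    d = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD  # constructed key
    k = 0x2B5B4F2F5A17D9AA9DFE0C4D2A1C5E6F7A8B9C0D1E2F30415263748596A7B8C9  # constructed nonce
    Q, c0 = ec_mul(d), hashlib.sha256(b"constructed chain code").digest()
    m1, m2 = b"pay 1 BTC to alice", b"pay 5 BTC to mallory"
    sig1, sig2 = ecdsa_sign(d, m1, k), ecdsa_sign(d, m2, k)      # same k twice: fatal
    k1, c1 = ckd_priv(d, c0, 7)
    K1, c1_pub = ckd_pub(Q, c0, 7)
    return {
        "signature_verifies": ecdsa_verify(Q, m1, sig1),
        "tampered_message_rejected": not ecdsa_verify(Q, b"pay 1 BTC to bob", sig1),
        "nonce_reuse_leaks_key": key_from_nonce_reuse(m1, sig1, m2, sig2) == d,
        "xpub_derives_same_child": K1 == ec_mul(k1) and c1 == c1_pub,
        "xpub_plus_child_recovers_parent": parent_from_xpub_and_child(Q, c0, 7, k1) == d,
    }
```

`demo()` returns five named checks that should all be True. The last two are the point of the BIP32 part: an xpub holder can derive every unhardened child address without private material, and an xpub holder who also obtains one child private key owns the whole branch, which is why xpubs deserve access control and why keeping derivation under threshold control, as described above, matters. The nonce-reuse check is the ECDSA failure mode that deterministic EdDSA nonces were designed to remove.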
Lattice-Based Signatures (Post-Quantum)
As the cryptography landscape shifts toward the "Q-Day" scenario (the arrival of cryptographically relevant quantum computers), lattice-based cryptography has emerged as the basis of the primary NIST standards for quantum-resistant digital signatures. Unlike ECDSA or EdDSA, which rely on the elliptic-curve discrete logarithm problem and fall to Shor's algorithm on such a machine, these algorithms are built on the hardness of lattice problems (Module-LWE and Module-SIS), for which no efficient quantum algorithm is known.
What is Coming
Following the NIST standardization finalization in 2024, we are actively monitoring the transition to the following schemes:
- ML-DSA (Module-Lattice-Based Digital Signature Algorithm, FIPS 204): Formerly known as CRYSTALS-Dilithium. This is the primary NIST standard for digital signatures due to its balance of security and high performance.
- SLH-DSA (Stateless Hash-Based Digital Signature Algorithm, FIPS 205): Formerly known as SPHINCS+. A conservative backup standard whose security rests only on hash functions rather than lattices, at the cost of much larger signatures and slower signing.
- FN-DSA (FFT over NTRU-Lattice-Based Digital Signature Algorithm): Formerly known as Falcon. Designed for cases requiring minimized signature sizes, with the trade-off of a signing procedure that depends on floating-point arithmetic and is harder to implement safely.
The Hybrid Transition
We anticipate the industry will adopt hybrid schemes for the immediate future. In this model, a transaction carries two signatures, one from a classical key (ECDSA) and one from a post-quantum key (ML-DSA), and a hybrid-aware verifier accepts it only if both verify. This ensures security against future quantum threats without breaking backward compatibility with existing blockchain infrastructure, which can continue to check the classical signature it already understands.
The State of Academic Research in 2026
While single-party lattice signatures are now standardised, Threshold Lattice Signatures remain a cutting-edge area of academic research. Implementing these in a distributed MPC environment presents unique engineering challenges compared to Threshold ECDSA.
- The Rejection Sampling Hurdle: Lattice signatures like ML-DSA require "rejection sampling": the signer computes a candidate signature and discards it, starting over with a fresh masking vector, whenever it fails a bound check, so that the distribution of the final signature is independent of the secret key and leaks nothing about it. In a distributed MPC setting, coordinating these retries across multiple parties without leaking private data is expensive in both computation and communication rounds.
- Recent Breakthroughs: The field is moving quickly. Notable recent developments include:
  - In May 2024, TRaccoon, a new signature scheme designed to be "threshold-friendly" by removing the need for rejection sampling, was introduced, making it a strong candidate for future MPC implementations.
  - In June 2025, a paper by Niot and del Pino of PQShield proposed a novel threshold scheme that achieves signature sizes comparable to standard Dilithium for small committees.
  - In August 2025, a paper named Unmasking TRaccoon explored adding "Identifiable Abort" to the original TRaccoon protocol.
- Standardization Timeline: NIST is currently evaluating these approaches under the Multi-Party Threshold Cryptography (MPTC) project (see NIST IR 8214C).
Until these threshold protocols are standardized and audit-proven, io.vault will prioritise the security of proven threshold schemes while preparing our infrastructure for a hybrid post-quantum future.