What is a Threshold Signature Scheme (TSS)?
Estimated Reading Time: 4 minutes
Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment and you are unlikely to be protected if something goes wrong. Take 2 minutes to learn more
If you’ve come across MAYAChain (similar to THORChain), you’ve likely seen that it uses a Threshold Signature Scheme, or TSS, to secure its vaults. But what exactly is TSS—and why does it matter?
Private Keys, Public Keys, and Wallets
Cryptocurrencies aren’t physically “stored” anywhere. Instead, they’re tied to an address. That address is generated from a public key, which itself is derived from a private key. This process only goes one way—you can move from private key to wallet address, but never backward. That’s the power of cryptography.
Think of a private key as the only key to a high-security vault. It’s unique, and only it can unlock the contents. If someone steals that key, the vault is theirs. If the key is lost, the vault is sealed forever.
Now, imagine duplicating that key for safety. While this reduces the risk of losing access, it creates a new problem: more copies mean more chances of theft.
Why TSS?
For systems like MAYAChain, where vaults hold significant amounts of capital, relying on a single private key—or even a single custodian—just isn’t safe. It’s like asking one person to carry a massive load alone: too risky, too fragile.
TSS offers a better solution. Instead of one key held by one party, the responsibility is distributed across multiple participants (nodes). Together, they generate and manage a “threshold signature,” meaning no single party ever holds the full private key. An attacker would need to compromise multiple independent nodes at once to breach the vault—an exponentially harder task.
In short, TSS turns key management from a single point of failure into a shared responsibility, making vaults far more resilient against theft or loss.
Multisigs
A MultiSig (multi-signature) wallet works like a vault with several locks—each controlled by a different guard. To open it, you need more than one key. This design makes it much harder for attackers, since stealing a single key isn’t enough to break in.
But there are trade-offs. A MultiSig vault is bulkier—every transaction needs extra data to record multiple signatures, which means higher fees. On top of that, the vault’s unusual design is visible on-chain, making MultiSig transactions easy to identify. And because every blockchain handles signatures differently (UTXO, EVM, Cosmos SDK, etc.), building MultiSig systems requires custom coding for each chain
Threshold Signature Scheme (TSS)
TSS takes a different approach. Instead of building a vault with many visible locks, each node independently generates its own key and contributes to forming one shared modular lock. No single party ever holds the entire key.
When it’s time to unlock, the nodes cooperate. Each partial key turns the modular lock a little further, and after enough contributions, the vault opens. The clever part? The lock can be designed so that only a subset of the keys is required—providing both flexibility and resilience.
Why TSS is Superior to Multisig
- Lower cost: Transactions are cheaper, since only one signature is broadcast.
- Stealth: To the blockchain, a TSS transaction looks exactly like a normal private key signature—no special flags, no exposure.
- Universal: Unlike Multisig, which must be rebuilt for every blockchain type, TSS is chain-agnostic and can be implemented anywhere.
In short: MultiSig is like adding more visible locks, while TSS creates one invisible, collaborative lock. Both improve security, but TSS does it with greater efficiency, flexibility, and discretion.
