Behind the ARPA Network: A Threshold Signature System Putting TSS-BLS to Work

ARPA Official
5 min readOct 14, 2022


What Is the Threshold BLS Signature Scheme

What Is Threshold Signature Scheme

The threshold signature scheme (TSS) is a subfield of multi-party computation (MPC) generating digital signatures in a distributed way.

In blockchains, TSS can influence the design of key management systems (such as the ones in crypto wallets) by avoiding a single point of failure. More specifically, it can significantly increase the security of blockchains and applications by replacing private key related operations with TSS-based distributed computations.

TSS can also help improve blockchains. TSS framework can support decentralized applications, layer 2 scaling solutions, atomic swaps, mixing, and much more. This infrastructure change would eventually allow expensive on-chain smart contract operations to be replaced by cheaper and more reliable alternatives.

What Is Boneh-Lynn-Shacham Signature Scheme

Digital signatures made blockchain possible. Boneh-Lynn-Shacham (BLS) signature is a provably secure cryptographic signature scheme that allows a user to verify that a signer is authentic.

It has several unique features compared to other signature schemes, including conciseness, determinism, and the most important property that makes it irreplaceable to blockchain: signature aggregation. This property makes next-gen blockchain PoS consensus protocols (such as ETH2.0) practical.

Why? The integrated BLS signature scheme allows all validators’ signatures to be aggregated. We then can verify all of the attestations of hundreds of validators with a single signature verification operation. Thus, BLS signature scheme can significantly increase the scalability of blockchains, and we will save a lot of time, block space, and gas when it comes to the consensus process.

What Do We See in the Threshold BLS Scheme (TSS-BLS)

Many classical signature algorithms have been modified into threshold schemes, including BLS, Elliptic Curve Digital Signature Algorithm (ECDSA), Edwards-curve Digital Signature Algorithm (EdDSA), and Rivest–Shamir–Adleman (RSA). But when applied to a distributed system like blockchain, not all threshold signature schemes are well suited. Currently, ECDSA is the most popular one because Bitcoin and Ethereum both use ECDSA for generating keys and signing transactions. Thus, most applications (such as ZenGo and Fireblocks) need their underlying cryptographic primitive to be compatible with ECDSA.

On top of the ECDSA algorithm itself, the intricacy of handling private keys requires high security and stability. The TSS can “shard” a private key and store the shards separately, significantly increasing the system in both the aforementioned aspects. Considering these, a threshold ECDSA scheme seems perfect for on-chain applications. However, a threshold ECDSA scheme has many deficiencies compared to a threshold BLS scheme.

Firstly, threshold ECDSA needs multiple rounds of synchronous communication, while the communication in threshold BLS is asynchronous. Multiple rounds of communications will influence the speed of threshold signature generation. Moreover, a failed node may even cause protocol abort.

Secondly, BLS signatures are deterministic, unlike ECDSA, which requires a new random value for each signing. Being deterministic prevents signers from biasing results by repeated signing attempts. The determinism of BLS signature guarantees the immutability of the resulting threshold signature regardless of what kinds of attacks (computationally bounded) are conducted.

Thirdly, as mentioned above, BLS signatures are about half the length of ECDSA signatures and are aggregatable. This property will potentially enable a scalable, sharded blockchain.

What Efforts Did We Make To Adapt the TSS-BLS for Blockchains

TSS systems and blockchains are a perfect match. TSS can be used to secure many aspects of blockchains, and blockchains can orchestrate running TSS systems on a wide scale. ARPA Network is the combination of TSS system and blockchain. The threshold BLS signature part of the network is responsible for generating a decentralized tamper-proof signature, and the blockchain provides a reliable broadcast channel and coordination. The two pieces are interdependent.

To enable a secured permissionless network, we adopted game theory to design token economics and node grouping mechanism to distinctly restrain malicious intent.

Good tools and infrastructures should be open-sourced and easily assembled like lego. We modularized the architecture of the ARPA Network and left a lot of space for customizations. Anyone can tweak the parameters to change the security level and configure the private key usage policy to meet specific needs by forking our code base.

Considering the scalability problem, we believe soon, instead of one chain ruling it all, there will be an explosion of blockchains, each specialized and optimized for different use cases. To give ARPA Network the possibility of being utilized by more developers in more scenarios, we baked multi-chain support into our technical design.

TSS networks are criticized for being slow, more so when limited by block time. We designed a unique grouping mechanism that allows multiple groups of nodes to perform BLS computation tasks in parallel, significantly increasing the throughput of the ARPA Network.

What You Can Do With ARPA Network

If you want a BLS signature for your project, such as for a random number generator, request ARPA Network’s service directly on blockchains.

If you want to become a node of ARPA Network and gain rewards by performing BLS computation, join the waitlist.

If you want to use ARPA Network as the infrastructure of your application, such as secure wallet, cross-chain bridge, or blockchains, contact us.

If you want to design and implement a TSS network of your own, you can take a cue from our fully open-source ARPA Network and modify it flexibly to suit your needs.


Alfred Menezes. An introduction to pairing-based cryptography. Recent trends in cryptography, 477:47–65, 2009.

ARPA whitepaper

About ARPA

ARPA Network (ARPA) is a decentralized secure computation network built to improve the fairness, security, and privacy of blockchains. ARPA threshold BLS signature network serves as the infrastructure of verifiable Random Number Generator (RNG), secure wallet, cross-chain bridge and decentralized custody across multiple blockchains.

ARPA was previously known as ARPA Chain, a privacy-preserving Multi-party Computation (MPC) network founded in 2018. ARPA Mainnet has completed over 224,000 computation tasks in the past years. Our experience in MPC and other cryptography laid the foundation for our innovative threshold BLS signature schemes (TSS-BLS) system design and led us to today’s ARPA Network.

Randcast, a verifiable Random Number Generator (RNG), is the first application that leverages ARPA as infrastructure. Randcast offers a cryptographically generated random source with superior security and low cost compared to other solutions. Metaverse, game, lottery, NFT minting and whitelisting, key generation, and blockchain validator task distribution can benefit from Randcast’s tamper-proof randomness.

For more information about ARPA or to join our team, please contact us at

Learn about ARPA’s recent official news:

Twitter: @arpaofficial



Telegram (English):

Telegram (Turkish):

Telegram (Việt Nam):

Telegram (Russian):

Telegram (Indonesian):

Telegram(Sri Lanka):





ARPA Official

ARPA is a privacy-preserving blockchain infrastructure enabled by MPC. Learn more at