Computationally Efficient Transfer Processing and Auditing Apparatuses, Methods and Systems
US-2017221052-A1 · Aug 3, 2017 · US
US12513004B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12513004-B2 |
| Application number | US-202418679367-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 30, 2024 |
| Priority date | May 5, 2017 |
| Publication date | Dec 30, 2025 |
| Grant date | Dec 30, 2025 |
Official abstract text for this publication.
Techniques are presented for using a processing resource to control access to a resource. Steps comprise generating an elliptic curve digital signature algorithm signature comprising a first signature component, r, and a second signature component, w, the generation step comprising: forming, by a node, a signing group with other nodes; obtaining, by the node, based on a secure random number: a) a multiplicative inverse of the secure random number; and b) the first signature component, r, wherein the first signature component is determined based on the secure random number and an elliptic curve generator point; determining, by the node, a partial signature; receiving partial signatures from other nodes of the signing group; generating the second component; and using the signature to control access to the and/or transfer of a resource over a computer-implemented network.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method of controlling access to a resource, the method implemented by a processing resource of a node in the blockchain network, the method comprising the step of: generating an elliptic curve digital signature algorithm signature comprising a first signature component, r, and a second signature component, w, to enable a threshold number of nodes to cooperatively sign a blockchain transaction without revealing private secret shares and without changing a group public key, the generation step comprising: forming, by the node, a signing group with other nodes; obtaining, by the processing resource of the node within an enclave of a trusted execution environment (TEE), based on a secure random number: a) a multiplicative inverse of the secure random number; and b) the first signature component, r, wherein the first signature component is determined based on the secure random number and an elliptic curve generator point; determining, by the processing resource of the node within the enclave of the TEE, a partial signature based on a private secret share, the multiplicative inverse of the secure random number, and the first signature component, r; receiving, by the processing resource of the node within the enclave of the TEE, partial signatures from other nodes of the signing group; generating, by the processing resource of the node within the enclave of the TEE, the second signature component, w, based on the determined partial signature and the received partial signatures; and using, by the node, the signature to control access to the resource and/or transfer of the resource.

2. The computer-implemented method of claim 1, wherein obtaining comprises generating, within the enclave, the multiplicative inverse and the first signature component, r, and wherein the method further comprises sending, from the enclave, the multiplicative inverse to the other nodes of the signing group.

3. The computer-implemented method of claim 2, wherein obtaining comprises provisioning the enclave associated with the TEE of the node to generate the secure random number.

4. The computer-implemented method of claim 1, wherein obtaining comprises receiving, within the enclave, the multiplicative inverse and the first signature component, r, from one of the other nodes of the signing group.

5. The computer-implemented method of claim 1, further comprising, prior to forming the signing group, signalling, by the node, an intention to participate in distributed signature generation for the blockchain transaction.

6. The computer-implemented method of claim 1, wherein the partial signature is determined by performing Lagrangian interpolation to compute a Lagrangian interpolation coefficient used in generating the partial signature based on the private secret share, the multiplicative inverse of the secure random number, and the first signature component, r.

7. The computer-implemented method of claim 1, wherein the method further includes, after generating the second signature component, w, sending the elliptic curve digital signature algorithm from the enclave to a host portion of the node for adding to the blockchain transaction.

8. The computer-implemented method of claim 1, further comprising adding the signature to the blockchain transaction and broadcasting the blockchain transaction to a blockchain network.

9. The computer-implemented method of claim 1, further comprising, prior to forming the signing group, obtaining the private secret share based on secret share data received from a plurality of existing members of the signing group.

10. The computer-implemented method of claim 9, wherein the private secret share is determined within the enclave.

11. The computer-implemented method of claim 1, wherein the partial signature, $v_i$, is determined as: $v_i = k^{-1} r b_i s_i \bmod p$, where $b_i$ is a Lagrangian interpolation coefficient, $k^{-1}$ is the multiplicative inverse of the secure random number, $s_i$ is the private secret share, $r$ is the first signature component, and $p$ is an order.

12. The computer-implemented method of claim 1, wherein the resource is an unspent transaction output (UTXO) encumbered by the group public key, and wherein using the signature comprises unlocking the encumbrance on the UTXO to enable transfer of the UTXO in the blockchain transaction, the blockchain transaction being validated by a blockchain network to authorize access to a digital asset represented by the UTXO.

13. The computer-implemented method of claim 1, wherein using the signature to control access to the resource comprises executing a smart contract on a blockchain network, the smart contract verifying the signature to unlock a cryptographic lock controlling access to a hardware-based resource external to the blockchain network.

14. The computer-implemented method of claim 13, wherein the hardware-based resource comprises a physical access control device, and wherein executing the smart contract causes the physical access control device to transition from a locked state to an unlocked state to permit physical access to a restricted area or device.

15. A non-transitory computer-readable storage medium comprising computer-executable instructions that, when executed by a processor of a node, cause the processor to perform a method of controlling access to a resource, the method comprising: generating an elliptic curve digital signature algorithm signature comprising a first signature component, r, and a second signature component, w, to enable a threshold number of nodes to cooperatively sign a blockchain transaction without revealing private secret shares and without changing a group public key, the generation step comprising: forming, by the node, a signing group with other nodes; obtaining, by the processor of the node within an enclave of a trusted execution environment (TEE) of the node, based on a secure random number: a) a multiplicative inverse of the secure random number; and b) the first signature component, r, wherein the first signature component is determined based on the secure random number and an elliptic curve generator point; determining, by the processor of the node within the enclave of the TEE, a partial signature based on a private secret share, the multiplicative inverse of the secure random number, and the first signature component, r; receiving, by the processor of the node within the enclave of the TEE, partial signatures from other nodes of the signing group; generating, by the processor of the node within the enclave of the TEE, the second signature component, w, based on the determined partial signature and the received partial signatures; and using, by the node, the signature to control access to the resource and/or transfer the resource.

16. An electronic device, wherein the electronic device is a node, the electronic device comprising: an interface device to communicate with other nodes; a processor coupled to the interface device; and a memory coupled to the processor, the memory having stored thereon computer-executable instructions that, when executed by the processor, cause the processor to perform a method of controlling access to a resource, the method comprising: generating an elliptic curve digital signature algorithm signature comprising a first signature component, r, and a second signature component, w, to enable a threshold number of nodes to cooperatively sign a blockchain transaction without revealing private secret shares and without changing a g
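
The partial-signature formula of claim 11 can be exercised end to end: any threshold-sized subset of share holders produces a signature that an ordinary ECDSA verifier accepts under the unchanged group public key. The Python below is an added example, not code from the patent or its applicant. It assumes secp256k1, a trusted dealer for the Shamir shares, and that w is combined as k⁻¹·e + Σvᵢ for message hash e (the page does not spell out the combination); all function names are illustrative.

```python
import math, secrets

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    m = (3 * a[0] ** 2 * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P))
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(k, pt):  # double-and-add; not constant time, for illustration only
    out = None
    while k:
        out = add(out, pt) if k & 1 else out
        pt, k = add(pt, pt), k >> 1
    return out

def split(secret, t, n):  # Shamir t-of-n: share s_i = f(i), with f(0) = secret
    f = [secret] + [secrets.randbelow(N) for _ in range(t - 1)]
    return {i: sum(c * pow(i, j, N) for j, c in enumerate(f)) % N
            for i in range(1, n + 1)}

def partial(i, s_i, group, k_inv, r):  # claim 11: v_i = k^-1 * r * b_i * s_i mod p
    b_i = math.prod(j * pow((j - i) % N, -1, N) for j in group if j != i) % N
    return k_inv * r * b_i * s_i % N

def threshold_sign(e, shares, group):
    k = secrets.randbelow(N - 1) + 1  # the secure random number (enclave-held)
    r, k_inv = mul(k, G)[0] % N, pow(k, -1, N)
    v = [partial(i, shares[i], group, k_inv, r) for i in group]
    return r, (k_inv * e + sum(v)) % N  # assumption: w = k^-1 * e + sum(v_i)

def verify(e, sig, pub):  # ordinary single-key ECDSA verification
    r, w = sig
    if not (0 < r < N and 0 < w < N):
        return False
    u = pow(w, -1, N)
    pt = add(mul(e * u % N, G), mul(r * u % N, pub))
    return pt is not None and pt[0] % N == r

def demo(e, x, group, t=3, n=5):  # any t of the n share holders can sign
    sig = threshold_sign(e, split(x, t, n), group)
    return verify(e, sig, mul(x, G))  # checked against the unchanged group key
```

`demo(e, x, (1, 3, 5))` returns True for any three of five share holders, while a two-member group fails verification. Anyone who learns k⁻¹ together with a finished (r, w) can solve for the group private key, so k⁻¹ has to stay inside the enclaves the claims describe.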
using hash chains, e.g. blockchains or hash trees · CPC title
Trusted platform modules [TPM] · CPC title
using group based signatures, e.g. ring or threshold signatures · CPC title
involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD · CPC title
Secret sharing or secret splitting, e.g. threshold schemes · CPC title