“…Using these protocols, a certain set of parties may transfer their joint right to generate a signature to any subset among themselves equal to or a Correspondence should be addressed to Nikita Snetkov: nikita.snetkov@cyber.ee larger than a specific threshold. There are threshold variants of RSA [62,31,22], Schnorr [49,56,29,27], Ed-DSA [44,15,57,50] and ECDSA [52,35,23,1,67] signatures, which could be used in the blockchain infrastructure or as an authentication solution [21]. With several parties being required to participate in the generation of a signature, it is not unreasonable to somewhat relax the security requirements on any single party, related to the storage or handling of its private key material.…”