4.4 Composite Key

The term "public key" in the above description actually refers to a type of composite key. A composite key is a tree structure whose leaves are conventional cryptographic public keys accompanied by an algorithm identifier. Nodes within the tree specify the weight of each of its child nodes and a weighted threshold that must be reached. The validity of a set of signatures can be verified by summing the weights of all keys with valid signatures in the tree, from bottom to top, and comparing this sum to the threshold. By using weights and thresholds, a variety of scenarios can be encoded, including boolean expressions using AND and OR.

Composite keys are useful in multiple scenarios. For instance, an asset can be under the control of a composite key: one key belongs to a user, another to an independent risk analysis system. When a transaction appears suspicious, such as transferring too much value in a very short time window, the risk analysis system may refuse to sign the transaction. Another example involves encoding cooperative structures into keys, allowing a CFO to sign a large transaction alone, while their subordinates would need to sign together. Composite keys are also very useful for notary services.

In a distributed notary service, each participant is represented by a leaf of the tree, and specific threshold settings can make the group's signature valid even if some participants are offline or refuse to sign. Although literature exists on threshold signature schemes that can precisely generate composite keys and signatures, to allow the mixing of keys using different algorithms, a less space-efficient explicit form has been chosen. This approach avoids the need for all participants in a group to upgrade simultaneously while phasing out old algorithms and adopting new ones.