
Shamir's Secret Sharing: Could each shard individually sign a transaction?
As the title says: could each shard created with SSS be used to sign a transaction in turn, with the partially signed transaction passed to the next shard owner, who signs it as well, until there is a fully signed crypto transaction?

Put simply, where N is the number of shards required to create the final data:

  • Shard A creates the transaction, signs the transaction using their shard and passes it to shard B.
  • Shard B signs the already signed transaction using the previously signed data and passes it to shard N.
  • Shard N signs the transaction using their (final) shard, then distributes it onto the blockchain.

Here the transaction is for any blockchain in general, and the shard owners do NOT know each other's shards.

Is this theoretically possible? Could this work in a situation where you only require 2/3rds of the shards to discover the secret?
Solution

  • It depends on the signing algorithm used. If the signatures are linear, as they are with EdDSA, then this works. If they combine some other way, as they do with ECDSA, then this will not work.

    Note that a bit more work may be required. For example, you may need to generate a shared constant that each signer knows part of to use in the signing algorithm.
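The following is an added worked example, not code from the question or the answer above. It shows why the linear case works: with a Schnorr-style signature (the same `s = k + e*x` shape as EdDSA), each shard owner contributes `lambda_i * (k_i + e*x_i)` to a running sum, and the Lagrange coefficients make those partial sums add up to a valid signature without anyone reassembling the key. It assumes a multiplicative Schnorr group built at import time instead of Ed25519, and a trusted dealer handing out Shamir shares of the per-signature nonce `k`, which stands in for the "shared constant that each signer knows part of" mentioned in the answer. The nonce must be fresh for every signature and never reused. The last function also shows the point about ECDSA: its `s = k^-1 (e + r*x)` needs the inverse of the shared nonce, and inverses do not combine linearly.

```python
import hashlib
import secrets

# Schnorr group constructed at import time: p = 2q+1 is a safe prime, so g = 4
# (a square) generates the subgroup of prime order q; signatures live in Z_q.
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Deterministic Miller-Rabin: the first 12 prime bases are exact below 3.3e24."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime_group(bits=64):
    """First safe prime p = 2q+1 with q just above 2^(bits-1); returns (p, q, g)."""
    q = (1 << (bits - 1)) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

P, Q, G = safe_prime_group()

def shamir_split(secret, t, n):
    """Shamir t-of-n sharing of a secret in Z_q (trusted-dealer model, as in the question)."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    shares = {}
    for i in range(1, n + 1):
        acc = 0
        for c in reversed(coeffs):          # Horner evaluation of f(i)
            acc = (acc * i + c) % Q
        shares[i] = acc
    return shares

def lagrange_at_zero(i, signers):
    """lambda_i with sum(lambda_i * f(i) for i in signers) == f(0)."""
    num, den = 1, 1
    for j in signers:
        if j != i:
            num, den = num * j % Q, den * (j - i) % Q
    return num * pow(den, -1, Q) % Q

def challenge(r, y, msg):
    """Fiat-Shamir challenge e = H(R, Y, m) reduced into Z_q."""
    h = hashlib.sha256(f"{r}|{y}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q

def verify(y, msg, sig):
    """Schnorr check g^s == R * Y^e (EdDSA has the same linear form s = k + e*x)."""
    r, s = sig
    return pow(G, s, P) == r * pow(y, challenge(r, y, msg), P) % P

def threshold_sign(x_shares, k_shares, signers, y, msg):
    """The flow from the question: each signer adds its term to a running total
    and hands it on; no x_i or k_i is ever revealed or reassembled."""
    r = 1                                   # round 1: R = prod (g^k_i)^lambda_i = g^k
    for i in signers:
        r = r * pow(pow(G, k_shares[i], P), lagrange_at_zero(i, signers), P) % P
    e = challenge(r, y, msg)
    s = 0                                   # round 2: sum lambda_i*(k_i + e*x_i) = k + e*x
    for i in signers:
        s = (s + lagrange_at_zero(i, signers) * (k_shares[i] + e * x_shares[i])) % Q
    return r, s

def inverse_combines_linearly(k_shares, k, signers):
    """Why ECDSA does not work this way: s = k^-1 (e + r*x) needs k^-1, and the
    Lagrange combination of the shares' inverses equals k^-1 only by a 1/q fluke."""
    combined = sum(lagrange_at_zero(i, signers) * pow(k_shares[i], -1, Q)
                   for i in signers) % Q
    return combined == pow(k, -1, Q)

def demo(t=2, n=3, signers=(1, 3), msg=b"send 1 coin to alice"):
    """Returns (valid, equals single-party signature, forged msg verifies, ECDSA-style inverse combines)."""
    x = secrets.randbelow(Q - 1) + 1        # long-term private key, never assembled
    y = pow(G, x, P)
    k = secrets.randbelow(Q - 1) + 1        # fresh nonce per signature (dealer-shared here)
    x_shares, k_shares = shamir_split(x, t, n), shamir_split(k, t, n)
    sig = threshold_sign(x_shares, k_shares, signers, y, msg)
    r_direct = pow(G, k, P)
    direct = (r_direct, (k + challenge(r_direct, y, msg) * x) % Q)
    return (verify(y, msg, sig), sig == direct, verify(y, b"send 100 coins", sig),
            inverse_combines_linearly(k_shares, k, signers))
```

`demo()` runs the 2-of-3 case from the question with holders 1 and 3: the sequentially built signature verifies and is bit-for-bit the signature a single holder of `x` and `k` would have produced, while a changed message fails and the ECDSA-style inverse check fails. The dealer who splits `k` is the simplification to watch: in a deployment that role is replaced by a distributed nonce-generation round, because whoever knows the whole `k` can recover `x` from any one signature.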