Paper 2022/374

Simple Three-Round Multiparty Schnorr Signing with Full Simulatability

Yehuda Lindell, Coinbase
Abstract

In a multiparty signing protocol, also known as a threshold signature scheme, the private signing key is shared amongst a set of parties and only a quorum of those parties can generate a signature. Research on multiparty signing has been growing in popularity recently due to its application to cryptocurrencies. Most work has focused on reducing the number of rounds to two, and as a result: (a) are not fully simulatable in the sense of MPC real/ideal security definitions, and/or (b) are not secure under concurrent composition, and/or (c) utilize non-standard assumptions of different types in their proofs of security. In this paper, we describe a simple three-round multiparty protocol for Schnorr signatures and prove its security. The protocol is fully simulatable, secure under concurrent composition, and proven secure in the standard model or random-oracle model (depending on the instantiations of the commitment and zero-knowledge primitives). The protocol realizes an ideal Schnorr signing functionality with perfect security in the ideal commitment and zero-knowledge hybrid model (and thus the only assumptions needed are for realizing these functionalities). In our presentation, we do not assume that all parties begin with the message to be signed, the identities of the participating parties and a unique common session identifier, since this is often not the case in practice. Rather, the parties achieve consensus on these parameters as the protocol progresses.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
threshold cryptographythreshold signingSchnorrMPC
Contact author(s)
yehuda lindell @ gmail com
History
2024-03-20: last of 8 revisions
2022-03-22: received
See all versions
Short URL
https://ia.cr/2022/374
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/374,
      author = {Yehuda Lindell},
      title = {Simple Three-Round Multiparty Schnorr Signing with Full Simulatability},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/374},
      year = {2022},
      url = {https://eprint.iacr.org/2022/374}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.