- We give a modular security proof that follows a two-step approach: 1) We introduce a new security notion for distributed key generation (DKG) protocols. We show that it is satisfied by several protocols that previously only had a static security proof. 2) Assuming any DKG protocol with this property, we then prove unforgeability of the threshold BLS scheme. Our reductions are tight and can be used to substantiate real-world parameter choices.
- To justify our use of strong assumptions such as the algebraic group model (AGM) and the hardness of the one-more discrete logarithm (OMDL) problem, we prove two impossibility results: 1) Without the AGM, there is no tight security reduction from $(t+1)$-OMDL. 2) Even in the AGM, $(t+1)$-OMDL is the weakest assumption from which any (possibly loose) security reduction exists.

Category / Keywords: foundations / Threshold Signatures, BLS Signatures, Algebraic Group Model

Date: received 3 May 2022, last revised 16 May 2022

Contact author: renas bacho at cispa de, lossjulian at gmail com

Version: 20220516:203343

Short URL: ia.cr/2022/534