### ROAST: Robust Asynchronous Schnorr Threshold Signatures

Tim Ruffing, Viktoria Ronge, Elliott Jin, Jonas Schneider-Bensch, and Dominique Schröder

##### Abstract

Bitcoin and other cryptocurrencies have recently introduced support for Schnorr signatures whose cleaner algebraic structure, as compared to ECDSA, allows for simpler and more practical constructions of highly demanded "$t$-of-$n$" threshold signatures. However, existing Schnorr threshold signature schemes (like their ECDSA counterparts) still fall short of the needs of real-world applications due to their assumption that the network is synchronous and due to their lack of robustness, i.e., the guarantee that $t$ honest signers are able to obtain a valid signature even in the presence of other malicious signers who try to disrupt the protocol. This hinders the adoption of threshold signatures in the cryptocurrency ecosystem, e.g., in second-layer protocols built on top of cryptocurrencies. In this work, we propose $\mathsf{ROAST}$, a simple wrapper that turns a given threshold signature scheme into a scheme with a robust and asynchronous signing protocol, as long as the underlying signing protocol is semi-interactive (i.e., has one preprocessing round and one actual signing round), provides identifiable aborts, and is unforgeable under concurrent signing sessions. When applied to the state-of-the-art Schnorr threshold signature scheme $\mathsf{FROST}$, which fulfills these requirements, we obtain a simple, efficient, and highly practical Schnorr threshold signature scheme.

Available format(s)
Category
Cryptographic protocols
Publication info
Preprint. Minor revision.
Keywords
threshold cryptographythreshold signaturesSchnorr signaturesrobustness
Contact author(s)
crypto @ timruffing de
History
Short URL
https://ia.cr/2022/550

CC BY

BibTeX

@misc{cryptoeprint:2022/550,
author = {Tim Ruffing and Viktoria Ronge and Elliott Jin and Jonas Schneider-Bensch and Dominique Schröder},
title = {ROAST: Robust Asynchronous Schnorr Threshold Signatures},
howpublished = {Cryptology ePrint Archive, Paper 2022/550},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/550}},
url = {https://eprint.iacr.org/2022/550}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.