### ROAST: Robust Asynchronous Schnorr Threshold Signatures

##### Abstract

Bitcoin and other cryptocurrencies have recently introduced support for Schnorr signatures whose cleaner algebraic structure, as compared to ECDSA, allows for simpler and more practical constructions of highly demanded "$t$-of-$n$" threshold signatures. However, existing Schnorr threshold signature schemes still fall short of the needs of real-world applications due to their assumption that the network is synchronous and due to their lack of robustness, i.e., the guarantee that $t$ honest signers are able to obtain a valid signature even in the presence of other malicious signers who try to disrupt the protocol. This hinders the adoption of threshold signatures in the cryptocurrency ecosystem, e.g., in second-layer protocols built on top of cryptocurrencies. In this work, we propose ROAST, a simple wrapper that turns a given threshold signature scheme into a scheme with a robust and asynchronous signing protocol, as long as the underlying signing protocol is semi-interactive (i.e., has one preprocessing round and one actual signing round), provides identifiable aborts, and is unforgeable under concurrent signing sessions. When applied to the state-of-the-art Schnorr threshold signature scheme FROST, which fulfills these requirements, we obtain a simple, efficient, and highly practical Schnorr threshold signature scheme.

Note: Revision 2022-09-18. Differences to original publication: Corrected communication complexity and minor editorial and formatting changes.

Available format(s)
Category
Cryptographic protocols
Publication info
Published elsewhere. ACM CCS 2022
DOI
10.1145/3548606.3560583
Keywords
threshold cryptography threshold signatures Schnorr signatures robustness FROST
Contact author(s)
crypto @ timruffing de
ronge @ cs fau de
eyj @ blockstream com
jonas schneider-bensch @ cispa de
dominique schroeder @ fau de
History
2022-09-18: revised
See all versions
Short URL
https://ia.cr/2022/550

CC BY

BibTeX

@misc{cryptoeprint:2022/550,
author = {Tim Ruffing and Viktoria Ronge and Elliott Jin and Jonas Schneider-Bensch and Dominique Schröder},
title = {ROAST: Robust Asynchronous Schnorr Threshold Signatures},
howpublished = {Cryptology ePrint Archive, Paper 2022/550},
year = {2022},
doi = {10.1145/3548606.3560583},
note = {\url{https://eprint.iacr.org/2022/550}},
url = {https://eprint.iacr.org/2022/550}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.