Paper 2023/1019

The many faces of Schnorr

Victor Shoup, DFINITY

Recently, a number of highly optimized threshold signing protocols for Schnorr signatures have been proposed. While these proposals contain important new techniques, some of them present and analyze these techniques in very specific contexts, making it less than obvious how these techniques can be adapted to other contexts (and perhaps combined with one another). The main goal of this paper is to abstract out and extend in various ways some of these techniques, building a toolbox of techniques that can be easily combined in different ways and in different contexts. To this end, we present security results for various "enhanced" modes of attack on the Schnorr signature scheme in the non-distributed setting. These results support a modular approach to protocol design and analysis in which one reduces the security of a distributed signing protocol to such an enhanced attack mode in the non-distributed setting. We show how these results can be used to easily design new threshold Schnorr protocols that enjoy better security and/or performance properties than existing ones.

Available format(s)
Cryptographic protocols
Publication info
digital signatureSchnorr signaturethreshold cryptographygeneric group model
Contact author(s)
victor @ shoup net
2024-04-08: last of 4 revisions
2023-06-30: received
See all versions
Short URL
Creative Commons Attribution-NonCommercial-NoDerivs


      author = {Victor Shoup},
      title = {The many faces of Schnorr},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1019},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.