Paper 2023/1482

Twinkle: Threshold Signatures from DDH with Full Adaptive Security

Renas Bacho, CISPA Helmholtz Center for Information Security, Saarland University
Julian Loss, CISPA Helmholtz Center for Information Security
Stefano Tessaro, University of Washington
Benedikt Wagner, CISPA Helmholtz Center for Information Security, Saarland University
Chenzhi Zhu, University of Washington

Sparkle is the first threshold signature scheme in the pairing-free discrete logarithm setting (Crites, Komlo, Maller, Crypto 2023) to be proven secure under adaptive corruptions. However, without using the algebraic group model, Sparkle's proof imposes an undesirable restriction on the adversary. Namely, for a signing threshold $t<n$, the adversary is restricted to corrupt at most $t/2$ parties. In addition, Sparkle's proof relies on a strong one-more assumption. In this work, we propose Twinkle, a new threshold signature scheme in the pairing-free setting which overcomes these limitations. Twinkle is the first pairing-free scheme to have a security proof under up to $t$ adaptive corruptions without relying on the algebraic group model. It is also the first such scheme with a security proof under adaptive corruptions from a well-studied non-interactive assumption, namely, the Decisional Diffie-Hellman (DDH) assumption. We achieve our result in two steps. First, we design a generic scheme based on a linear function that satisfies several abstract properties and prove its adaptive security under a suitable one-more assumption related to this function. In the context of this proof, we also identify a gap in the security proof of Sparkle and develop new techniques to overcome this issue. Second, we give a suitable instantiation of the function for which the corresponding one-more assumption follows from DDH.

Available format(s)
Publication info
A minor revision of an IACR publication in EUROCRYPT 2024
Threshold SignaturesAdaptive SecurityPairing-FreeNon-Interactive Assumptions
Contact author(s)
renas bacho @ cispa de
loss @ cispa de
tessaro @ cs washington edu
benedikt wagner @ cispa de
zhucz20 @ cs washington edu
2024-02-26: revised
2023-09-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Renas Bacho and Julian Loss and Stefano Tessaro and Benedikt Wagner and Chenzhi Zhu},
      title = {Twinkle: Threshold Signatures from DDH with Full Adaptive Security},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1482},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.