HARTS: High-Threshold, Adaptively Secure, and Robust Threshold Schnorr Signatures
Renas Bacho, CISPA Helmholtz Center for Information Security, Saarland University
Julian Loss, CISPA Helmholtz Center for Information Security
Gilad Stern, Tel Aviv University
Benedikt Wagner, Ethereum Foundation
Abstract
Threshold variants of the Schnorr signature scheme have recently been at the center of attention due to their applications to cryptocurrencies. However, existing constructions for threshold Schnorr signatures among a set of parties with corruption threshold suffer from at least one of the following drawbacks: (i) security only against static (i.e., non-adaptive) adversaries, (ii) cubic or higher communication cost to generate a single signature, (iii) strong synchrony assumptions on the network, or (iv) are sufficient to generate a signature, i.e., the corruption threshold of the scheme equals its reconstruction threshold. Especially (iv) turns out to be a severe limitation for many asynchronous real-world applications where is necessary to maintain liveness, but a higher signing threshold of is needed. A recent scheme, ROAST, proposed by Ruffing et al. (ACM CCS 2022) addresses (iii) and (iv), but still falls short of obtaining subcubic communication complexity and adaptive security.
In this work, we present HARTS, the first threshold Schnorr signature scheme to incorporate all these desiderata. More concretely:
- HARTS is adaptively secure and remains fully secure and operational even under asynchronous network conditions in the presence of up to malicious parties. This is optimal.
- HARTS outputs a Schnorr signature of size with a near-optimal amortized communication cost of bits and a single asynchronous online round per signature.
- HARTS is high-threshold: no fewer than signature shares can be combined to yield a full signature, where any is supported. This especially covers the case . This is optimal.
We prove our result in a modular fashion in the algebraic group model. At the core of our construction, we design a new simple and adaptively secure high-threshold asynchronous verifiable secret sharing (AVSS) scheme which may be of independent interest.
@misc{cryptoeprint:2024/280,
author = {Renas Bacho and Julian Loss and Gilad Stern and Benedikt Wagner},
title = {{HARTS}: High-Threshold, Adaptively Secure, and Robust Threshold Schnorr Signatures},
howpublished = {Cryptology {ePrint} Archive, Paper 2024/280},
year = {2024},
url = {https://eprint.iacr.org/2024/280}
}
Note: In order to protect the privacy of readers, eprint.iacr.org
does not use cookies or embedded third party content.