Paper 2024/466

Arctic: Lightweight and Stateless Threshold Schnorr Signatures

Chelsea Komlo, University of Waterloo
Ian Goldberg, University of Waterloo
Abstract

Threshold Schnorr signatures are seeing increased adoption in practice, and offer practical defenses against single points of failure. However, one challenge with existing randomized threshold Schnorr signature schemes is that signers must carefully maintain secret state across signing rounds, while also ensuring that state is deleted after a signing session is completed. Failure to do so will result in a fatal key-recovery attack by re-use of nonces. While deterministic threshold Schnorr signatures that mitigate this issue exist in the literature, all prior schemes incur high complexity and performance overhead in comparison to their randomized equivalents. In this work, we seek the best of both worlds; a deterministic and stateless threshold Schnorr signature scheme that is also simple and efficient. Towards this goal, we present Arctic, a lightweight two-round threshold Schnorr signature that is deterministic, and therefore does not require participants to maintain state between signing rounds. As a building block, we formalize the notion of a Verifiable Pseudorandom Secret Sharing (VPSS) scheme, and define Shine, an efficient VPSS construction. Shine is secure when the total number of participants is at least 2t − 1 and the adversary is assumed to corrupt at most t − 1; i.e., in the honest majority model. We prove that Arctic is secure under the discrete logarithm assumption in the random oracle model, similarly assuming at minimum 2t − 1 number of signers and a corruption threshold of at most t − 1. For moderately sized groups (i.e., when n ≤ 20), Arctic is more than an order of magnitude more efficient than prior deterministic threshold Schnorr signatures in the literature. For small groups where n ≤ 10, Arctic is three orders of magnitude more efficient.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
threshold signaturesSchnorr signaturessecret sharing
Contact author(s)
ckomlo @ uwaterloo ca
iang @ uwaterloo ca
History
2024-03-22: approved
2024-03-20: received
See all versions
Short URL
https://ia.cr/2024/466
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/466,
      author = {Chelsea Komlo and Ian Goldberg},
      title = {Arctic: Lightweight and Stateless Threshold Schnorr Signatures},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/466},
      year = {2024},
      url = {https://eprint.iacr.org/2024/466}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.