Paper 2025/1009
Adaptively Secure Three-Round Threshold Schnorr Signatures from DDH
Abstract
Threshold signatures are one of the most important cryptographic primitives in distributed systems. Of particular interest is the threshold Schnorr signature, a pairing-free signature with efficient verification, compatible with standardized EdDSA (non-threshold) signature. However, most threshold Schnorr signatures have only been proven secure against a static adversary, which has to declare its corruptions before the protocol execution. Many existing adaptively secure constructions require either secure erasures or non-standard assumptions, such as the algebraic group model or hardness of the algebraic one-more discrete logarithm problem. The latest adaptively secure threshold Schnorr signature schemes under standard assumptions require five rounds of communication to create a single signature, limiting its practicality.
In this work, we present Gargos, a three-round, adaptively secure threshold Schnorr signature scheme based on the hardness of the decisional Diffie-Hellman (DDH) problem in the random oracle model (ROM). Our protocol supports full corruption threshold
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- A minor revision of an IACR publication in CRYPTO 2025
- Keywords
- Threshold SignaturesSchnorr SignaturesAdaptive Security
- Contact author(s)
-
renas bacho @ cispa de
souravd2 @ illinois edu
loss @ cispa de
renling @ illinois edu - History
- 2025-06-02: approved
- 2025-05-31: received
- See all versions
- Short URL
- https://ia.cr/2025/1009
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2025/1009, author = {Renas Bacho and Sourav Das and Julian Loss and Ling Ren}, title = {Adaptively Secure Three-Round Threshold Schnorr Signatures from {DDH}}, howpublished = {Cryptology {ePrint} Archive, Paper 2025/1009}, year = {2025}, url = {https://eprint.iacr.org/2025/1009} }