
Fully Adaptive Schnorr Threshold Signatures

  • Conference paper
  • Advances in Cryptology – CRYPTO 2023 (CRYPTO 2023)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14081)

Abstract

We prove adaptive security of a simple three-round threshold Schnorr signature scheme, which we call \(\textsf{Sparkle}\). The standard notion of security for threshold signatures considers a static adversary – one who must declare which parties are corrupt at the beginning of the protocol. The stronger adaptive adversary can at any time corrupt parties and learn their state. This notion is natural and practical, yet not proven to be met by most schemes in the literature.

In this paper, we demonstrate that \(\textsf{Sparkle}\) achieves several levels of security based on different corruption models and assumptions. To begin with, \(\textsf{Sparkle}\) is statically secure under minimal assumptions: the discrete logarithm assumption (DL) and the random oracle model (ROM). If an adaptive adversary corrupts fewer than \(t/2\) out of a threshold of \(t+1\) signers, then \(\textsf{Sparkle}\) is adaptively secure under a weaker variant of the one-more discrete logarithm assumption (AOMDL) in the ROM. Finally, we prove that \(\textsf{Sparkle}\) achieves full adaptive security, with a corruption threshold of \(t\), under AOMDL in the algebraic group model (AGM) with random oracles. Importantly, we show adaptive security without requiring secure erasures. Ours is the first proof achieving full adaptive security without exponential tightness loss for any threshold Schnorr signature scheme; moreover, the reduction is tight.
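The three-round structure the abstract refers to is easiest to see in code. The following is an added illustration, not the paper's own code and not a transcription of Sparkle: it assumes a commit-reveal-sign round structure over secp256k1, a trusted dealer that hands out Shamir shares of the signing key, and its own hash tags, function names and 3-of-5 parameters. What it does show is the shape of a threshold Schnorr session among t+1 signers: each signer fixes its nonce with a hash commitment before seeing anyone else's, the nonces are opened and aggregated, and the Lagrange-weighted partial signatures sum to a signature that verifies under the ordinary Schnorr equation.

```python
# Added example (not the paper's code): three-round commit-reveal threshold
# Schnorr over secp256k1; the round structure is this illustration's assumption.
import hashlib
import secrets

# secp256k1 parameters: field prime, group order, generator
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):
    """Affine point addition; None represents the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # A == -B
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, A):
    """Double-and-add scalar multiplication (demo only: not constant-time)."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, A)
        A = ec_add(A, A)
        k >>= 1
    return R

def enc(A):
    """Fixed-width encoding of a point for hashing."""
    return A[0].to_bytes(32, "big") + A[1].to_bytes(32, "big")

def H(tag, *chunks):
    """Domain-separated hash to a scalar mod N (stands in for the random oracles)."""
    h = hashlib.sha256(tag.encode())
    for c in chunks:
        h.update(c)
    return int.from_bytes(h.digest(), "big") % N

def shamir_shares(secret, t, n):
    """Degree-t polynomial with constant term `secret`; share i is f(i)."""
    coeffs = [secret] + [secrets.randbelow(N) for _ in range(t)]
    return {i: sum(c * pow(i, j, N) for j, c in enumerate(coeffs)) % N
            for i in range(1, n + 1)}

def lagrange(i, S):
    """Lagrange coefficient of signer i over signer set S, evaluated at 0."""
    num = den = 1
    for j in S:
        if j != i:
            num = num * (-j) % N
            den = den * (i - j) % N
    return num * pow(den, -1, N) % N

def keygen(t, n):
    """Trusted-dealer setup, an assumption made only to keep the demo short."""
    x = secrets.randbelow(N - 1) + 1
    return ec_mul(x, G), shamir_shares(x, t, n)

def threshold_sign(shares, S, msg, pk):
    """One signing session among signer set S; valid only when |S| == t+1."""
    # Round 1: signer i samples r_i and broadcasts cm_i = H(R_i, msg),
    # fixing its nonce before it sees any other signer's R_j.
    r = {i: secrets.randbelow(N - 1) + 1 for i in S}
    R_i = {i: ec_mul(r[i], G) for i in S}
    cm = {i: H("commit", enc(R_i[i]), msg) for i in S}
    # Round 2: signers reveal R_i; every opening is checked against round 1.
    for i in S:
        if H("commit", enc(R_i[i]), msg) != cm[i]:
            raise ValueError(f"signer {i}: nonce does not match commitment")
    # Round 3: aggregate R, derive the challenge, release partial signatures
    # z_i = r_i + c * lambda_i * x_i, which sum to z = r + c * x.
    R = None
    for i in S:
        R = ec_add(R, R_i[i])
    c = H("sig", enc(pk), enc(R), msg)
    z = sum((r[i] + c * lagrange(i, S) * shares[i]) % N for i in S) % N
    return R, z

def verify(pk, msg, sig):
    """Ordinary Schnorr verification: z*G == R + c*pk."""
    R, z = sig
    c = H("sig", enc(pk), enc(R), msg)
    return ec_mul(z, G) == ec_add(R, ec_mul(c, pk))
```

Run it with `pk, shares = keygen(2, 5)` and `verify(pk, msg, threshold_sign(shares, [1, 3, 5], msg, pk))`; any 3 of the 5 shares produce a valid signature, while a session among only 2 signers yields a signature that fails, since their Lagrange weights interpolate a degree-1 polynomial through a degree-2 one. The commitment round is the part that matters for security: a signer that could choose R_i after seeing the others' nonces could steer the aggregate R. Note that nothing in this code demonstrates the abstract's adaptive-corruption claims; those are statements about the reduction, not about the protocol messages.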



Acknowledgements

Elizabeth Crites was supported by Input Output through their funding of the Blockchain Technology Lab at the University of Edinburgh.

Author information

Corresponding author: Elizabeth Crites.


Copyright information

© 2023 International Association for Cryptologic Research

About this paper

Cite this paper

Crites, E., Komlo, C., Maller, M. (2023). Fully Adaptive Schnorr Threshold Signatures. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14081. Springer, Cham. https://doi.org/10.1007/978-3-031-38557-5_22

  • DOI: https://doi.org/10.1007/978-3-031-38557-5_22

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-38556-8

  • Online ISBN: 978-3-031-38557-5
