Abstract
We construct a two-round Schnorr-based signature scheme (DWMS) by delinearizing two pre-commitments supplied by each signer. DWMS is a secure signature scheme in the algebraic group model (AGM) and the random oracle model (ROM) under the assumption of the hardness of the one-more discrete logarithm problem and the 2-entwined sum problem that we introduce in this paper. Our new m-entwined sum problem tweaks the k-sum problem in a scalar field using the associated group. We prove the hardness of our new problem in the AGM assuming the hardness of the discrete logarithm problem in the associated group. We believe that our new problem simplifies the security proofs of multi-signature schemes that use the delinearization of commitments.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
There can be a specified structure (e.g., tree structure [11]) between parties for more efficient communication.
- 2.
Remark that \( \alpha _{11}^{(i)} = H_1(\mathsf {SID}^{(i)},1,1), \alpha _{12}^{(i)} = H_1(\mathsf {SID}^{(i)},1,2) \). So, the probability of having \(\alpha _{11}^{(i)} (\sum _{j =1}^{q_s} \eta ^{(i)}_{1j}y_j) =- \alpha _{12}^{(i)} (\sum _{j =1}^{q_s}\eta _{2j}^{(i)}y_j) \) given that \( T_{11}^{(i)} \ne 0, T_{11}^{(i)} \ne 0 \) is not a collision probability.
References
Schnorrkel library, January 2020. https://github.com/w3f/schnorrkel/commit/fa6c35f832
Bagherzandi, A., Cheon, J.-H., Jarecki, S.: Multisignatures secure under the discrete logarithm assumption and a generalized forking lemma. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 449–458 (2008)
Bagherzandi, A., Jarecki, S.: Multisignatures using proofs of secret key possession, as secure as the Diffie-Hellman problem. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 218–235. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85855-3_15
Bellare, M., Dai, W.: The multi-base discrete logarithm problem: Concrete security improvements for Schnorr identification, signatures and multi-signatures. IACR Cryptology ePrint Archive 2020:416 (2020)
Bellare, N., Pointcheval, S.: The one-more-RSA-inversion problems and the security of Chaum’s blind signature scheme. J. Cryptol. 16(3), 185–215 (2003). https://doi.org/10.1007/s00145-002-0120-1
Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 390–399 (2006)
Bellare, M., Palacio, A.: GQ and Schnorr identification schemes: proofs of security against impersonation under active and concurrent attacks. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 162–177. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_11
Benhamouda, F., Lepoint, T., Orrù, M., Raykova, M.: On the (in)security of ROS. Cryptology ePrint Archive, Report 2020/945 (2020). https://eprint.iacr.org/2020/945
Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36288-6_3
Boneh, D., Drijvers, M., Neven, G.: Compact multi-signatures for smaller blockchains. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 435–464. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_15
Drijvers, M., et al.: On the security of two-round multi-signatures. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 1084–1101. IEEE (2019)
Fuchsbauer, G., Kiltz, E., Loss, J.: The algebraic group model and its applications. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 33–62. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_2
Fuchsbauer, G., Plouviez, A., Seurin, Y.: Blind Schnorr signatures in the algebraic group model. Cryptology ePrint Archive, Report 2019/877 (2019). https://eprint.iacr.org/2019/877
Fuchsbauer, G., Plouviez, A., Seurin, Y.: Blind Schnorr signatures and signed ElGamal encryption in the algebraic group model. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 63–95. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_3
Itakura, K., Nakamura, K.: A public-key cryptosystem suitable for digital multisignatures. NEC Res. Dev. 71, 1–8 (1983)
Komlo, C., Goldberg, I.: FROST: flexible round-optimized Schnorr threshold signatures (2020)
Lu, S., Ostrovsky, R., Sahai, A., Shacham, H., Waters, B.: Sequential aggregate signatures and multisignatures without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 465–485. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_28
Ma, C., Weng, J., Li, Y., Deng, R.: Efficient discrete logarithm based multi-signature scheme in the plain public key model. Des. Codes Crypt. 54(2), 121–133 (2010). https://doi.org/10.1007/s10623-009-9313-z
Maxwell, G., Poelstra, A., Seurin, Y., Wuille, P.: Simple Schnorr multi-signatures with applications to bitcoin. Des. Codes Crypt. 87(9), 2139–2164 (2019). https://doi.org/10.1007/s10623-019-00608-x
Nick, J., Ruffing, T., Seurin, Y.: MuSig2: simple two-round Schnorr multi-signatures. Cryptology ePrint Archive, Report 2020/1261 (2020). https://eprint.iacr.org/2020/1261
Nick, J., Ruffing, T., Seurin, Y., Wuille, P.: MuSig-DN: Schnorr multi-signatures with verifiably deterministic nonces. Cryptology ePrint Archive, Report 2020/1057 (2020). https://eprint.iacr.org/2020/1057
Ohta, K., Okamoto, T.: A digital multisignature scheme based on the Fiat-Shamir scheme. In: Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 139–148. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-57332-1_11
Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind linsignatures. J. Cryptol. 13, 361–396 (2000)
Ristenpart, T., Yilek, S.: The power of proofs-of-possession: securing multiparty signatures against rogue-key attacks. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 228–245. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72540-4_13
Schnorr, C.P.: Security of blind discrete log signatures against interactive attacks. In: Qing, S., Okamoto, T., Zhou, J. (eds.) ICICS 2001. LNCS, vol. 2229, pp. 1–12. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45600-7_1
Syta, E., et al.: Keeping authorities “honest or bust” with decentralized witness cosigning. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 526–545. IEEE (2016)
Wagner, D.: A generalized birthday problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288–304. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_19
Acknowledgement
We thank Raghav Bhaskar and Alistair Stewart for their extensive advise and extremely insightful conversations throughout the effort. We warmly thank Michele Orrù for his helpful conversations, especially around understanding the algebraic group models.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Rank of a Random Matrix
A Rank of a Random Matrix
Assume that we have a random matrix \( \mathtt {{M}} \) of size \( (\ell \times \ell ') \). Given that \( \ell \le \ell ' \), the rank of \( \mathtt {{M}} \) can be at most \( \ell \).
Let’s define another event \( E_i \) where the first i row vectors of \( \mathtt {{M}} \) are linearly independent. In this case, 
which is the probability that a random vector equals to \( {\pmb {0}} \) (vector consisting of 0). In this case,
So, the probability of \( \mathtt {{M}} \)’s rank is less than \( \ell \) is at most \( \frac{\ell }{p}\).
Rights and permissions
Copyright information
© 2021 International Association for Cryptologic Research
About this paper
Cite this paper
Kılınç Alper, H., Burdges, J. (2021). Two-Round Trip Schnorr Multi-signatures via Delinearized Witnesses. In: Malkin, T., Peikert, C. (eds) Advances in Cryptology – CRYPTO 2021. CRYPTO 2021. Lecture Notes in Computer Science(), vol 12825. Springer, Cham. https://doi.org/10.1007/978-3-030-84242-0_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-84242-0_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-84241-3
Online ISBN: 978-3-030-84242-0
eBook Packages: Computer ScienceComputer Science (R0)
