MuSig2: simple two-round Schnorr multi-signatures (Q2120074): Difference between revisions
From MaRDI portal
Latest revision as of 12:08, 28 July 2024
scientific article
Language | Label | Description | Also known as |
---|---|---|---|
English | MuSig2: simple two-round Schnorr multi-signatures |
scientific article |
Statements
MuSig2: simple two-round Schnorr multi-signatures (English)
0 references
31 March 2022
0 references
In [\textit{M. Drijvers} et al., ``On the security of two-round multi-signatures'', in: Proceedings of the 2019 IEEE symposium on security and privacy, SP'19. Los Alamitos, CA: IEEE Computer Society. 1084--1101 (2019; \url{doi:10.1109/SP.2019.00050})] it was shown, that all previously proposed two-round multi-signature schemes which allow a group of signers to produce a joint signature on a joint message using the discrete logarithm problem (Schnorr signature) cannot be proven secure and are vulnerable to attacks with subexponential complexity. In the same paper, a secure two-round scheme was proposed, but by this scheme signatures are produced more than twice larger then Schnorr signatures. Here, a new two-round multi-signature scheme is proposed, which is secure under concurrent signing sessions, supports key aggregation, produces ordinary Schnorr signatures and has similar signer complexity as ordinary Schnorr signatures. A lower bound (in terms of bit length for group elements presentation) for the reduction of complexity is derived to one more discrete logarithm problem. For the entire collection see [Zbl 1483.94004].
0 references
multi-signatures
0 references
Schnorr signatures
0 references
key aggregation
0 references
one more discrete logarithm problem
0 references
0 references
0 references
0 references
0 references