MuSig2: simple two-round Schnorr multi-signatures (Q2120074)

From MaRDI portal
Revision as of 05:56, 5 March 2024 by Import240304020342 (talk | contribs) (Set profile property.)
scientific article
Language Label Description Also known as
English
MuSig2: simple two-round Schnorr multi-signatures
scientific article

    Statements

    MuSig2: simple two-round Schnorr multi-signatures (English)
    0 references
    0 references
    0 references
    0 references
    31 March 2022
    0 references
    In [\textit{M. Drijvers} et al., ``On the security of two-round multi-signatures'', in: Proceedings of the 2019 IEEE symposium on security and privacy, SP'19. Los Alamitos, CA: IEEE Computer Society. 1084--1101 (2019; \url{doi:10.1109/SP.2019.00050})] it was shown, that all previously proposed two-round multi-signature schemes which allow a group of signers to produce a joint signature on a joint message using the discrete logarithm problem (Schnorr signature) cannot be proven secure and are vulnerable to attacks with subexponential complexity. In the same paper, a secure two-round scheme was proposed, but by this scheme signatures are produced more than twice larger then Schnorr signatures. Here, a new two-round multi-signature scheme is proposed, which is secure under concurrent signing sessions, supports key aggregation, produces ordinary Schnorr signatures and has similar signer complexity as ordinary Schnorr signatures. A lower bound (in terms of bit length for group elements presentation) for the reduction of complexity is derived to one more discrete logarithm problem. For the entire collection see [Zbl 1483.94004].
    0 references
    multi-signatures
    0 references
    Schnorr signatures
    0 references
    key aggregation
    0 references
    one more discrete logarithm problem
    0 references
    0 references
    0 references
    0 references

    Identifiers