[Resource Topic] 2021/404: Chain Reductions for Multi-Signatures and the HBMS Scheme

Welcome to the resource topic for 2021/404

Title:
Chain Reductions for Multi-Signatures and the HBMS Scheme

Authors: Mihir Bellare, Wei Dai

Abstract:

Existing proofs for Discrete Log (DL) based multi-signature schemes give essentially no guarantee if the schemes are implemented, as they are in practice, in 256-bit groups. This is because the current reductions, which are in the standard model and from DL, are loose. We show that relaxing either the model or the assumption suffices to obtain tight reductions. Namely we give (1) tight proofs from DL in the Algebraic Group Model, and (2) tight, standard-model proofs from well-founded assumptions other than DL. We first do this for the classical 3-round schemes, namely BN and MuSig. Then we give a new 2-round multi-signature scheme, HBMS, as efficient as prior ones, for which we do the same. These multiple paths to security for a single scheme are made possible by a framework of chain reductions, in which a reduction is broken into a chain of sub-reductions involving intermediate problems. Overall our results improve the security guarantees for DL-based multi-signature schemes in the groups in which they are implemented in practice.

ePrint: https://eprint.iacr.org/2021/404

Talk: https://www.youtube.com/watch?v=J_JSciTFgoY

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.