Welcome to the resource topic for 2022/1332
On the Classic Protocol for MPC Schnorr Signatures
Authors: Nikolaos MakriyannisAbstract:
The classic MPC protocol for Schnorr Signatures (Classic Schnorr) consists of a simple three-round process for the signing operation, and the protocol is essentially as efficient as the underlying non-MPC scheme (modulo the round-complexity). In particular, Classic Schnorr does not contain any ZK proofs, not even for key-generation, and the only cryptographic “machinery” it uses is the underlying hash function. In this paper, we show that Classic Schnorr UC realizes the ideal threshold-signature functionality of Canetti, Makriyannis, and Peled (Manuscript’20) against adaptive adversaries for any number of corrupted parties. Furthermore, (1) the protocol does not impose any restrictions on the number of concurrent signings, (2) the protocol naturally supports identifiable abort, and (3) the protocol can be extended to achieve proactive security, almost for free. So, the main novelty of our work is showing that Classic Schnorr achieves the utmost security as a threshold-signatures protocol. We hold that the achieved security is truly surprising given how simple the protocol is.
On a technical level, we show the above by extending the proof technique of Canetti, Makriyannis, and Peled, recently generalized by Blokh, Makriyannis, and Peled (Manuscript’22) for arbitrary threshold-signature schemes, whereby the indistinguishability of the UC simulation is reduced to the unforgeability of the underlying signature scheme. Our results hold in the random oracle model under the discrete logarithm assumption.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .