MuSig2: Simple Two-Round Schnorr Multi-signatures View Full Text


Ontology type: schema:Chapter     


Chapter Info

DATE

2021-08-11

AUTHORS

Jonas Nick , Tim Ruffing , Yannick Seurin

ABSTRACT

Multi-signatures enable a group of signers to produce a joint signature on a joint message. Recently, Drijvers et al. (S&P’19) showed that all thus far proposed two-round multi-signature schemes in the pure DL setting (without pairings) are insecure under concurrent signing sessions. While Drijvers et al. proposed a secure two-round scheme, this efficiency in terms of rounds comes with the price of having signatures that are more than twice as large as Schnorr signatures, which are becoming popular in cryptographic systems due to their practicality (e.g., they will likely be adopted in Bitcoin). If one needs a multi-signature scheme that can be used as a drop-in replacement for Schnorr signatures, then one is forced to resort either to a three-round scheme or to sequential signing sessions, both of which are undesirable options in practice.In this work, we propose MuSig2\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathsf {MuSig2} $$\end{document}, a simple and highly practical two-round multi-signature scheme. This is the first scheme that simultaneously i) is secure under concurrent signing sessions, ii) supports key aggregation, iii) outputs ordinary Schnorr signatures, iv) needs only two communication rounds, and v) has similar signer complexity as ordinary Schnorr signatures. Furthermore, it is the first multi-signature scheme in the pure DL setting that supports preprocessing of all but one rounds, effectively enabling a non-interactive signing process without forgoing security under concurrent sessions. We prove the security of MuSig2\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathsf {MuSig2} $$\end{document} in the random oracle model, and the security of a more efficient variant in the combination of the random oracle and the algebraic group model. Both our proofs rely on a weaker variant of the OMDL assumption. More... »

PAGES

189-221

Book

TITLE

Advances in Cryptology – CRYPTO 2021

ISBN

978-3-030-84241-3
978-3-030-84242-0

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-030-84242-0_8

DOI

http://dx.doi.org/10.1007/978-3-030-84242-0_8

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1140318634


Indexing Status Check whether this publication has been indexed by Scopus and Web Of Science using the SN Indexing Status Tool
Incoming Citations Browse incoming citations for this publication using opencitations.net

JSON-LD is the canonical representation for SciGraph data.

TIP: You can open this SciGraph record using an external JSON-LD service: JSON-LD Playground Google SDTT

[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Blockstream, Victoria, Canada", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "Blockstream, Victoria, Canada"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Nick", 
        "givenName": "Jonas", 
        "id": "sg:person.011230453067.20", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011230453067.20"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Blockstream, Victoria, Canada", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "Blockstream, Victoria, Canada"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Ruffing", 
        "givenName": "Tim", 
        "id": "sg:person.010315502717.47", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010315502717.47"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "ANSSI, Paris, France", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "ANSSI, Paris, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Seurin", 
        "givenName": "Yannick", 
        "id": "sg:person.011724731171.01", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011724731171.01"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2021-08-11", 
    "datePublishedReg": "2021-08-11", 
    "description": "Multi-signatures enable a group of signers to produce a joint signature on a joint message. Recently, Drijvers et al. (S&P\u201919) showed that all thus far proposed two-round multi-signature schemes in the pure DL setting (without pairings) are insecure under concurrent signing sessions. While Drijvers et al. proposed a secure two-round scheme, this efficiency in terms of rounds comes with the price of having signatures that are more than twice as large as Schnorr signatures, which are becoming popular in cryptographic systems due to their practicality (e.g., they will likely be adopted in Bitcoin). If one needs a multi-signature scheme that can be used as a drop-in replacement for Schnorr signatures, then one is forced to resort either to a three-round scheme or to sequential signing sessions, both of which are undesirable options in practice.In this work, we propose MuSig2\\documentclass[12pt]{minimal}\n\t\t\t\t\\usepackage{amsmath}\n\t\t\t\t\\usepackage{wasysym}\n\t\t\t\t\\usepackage{amsfonts}\n\t\t\t\t\\usepackage{amssymb}\n\t\t\t\t\\usepackage{amsbsy}\n\t\t\t\t\\usepackage{mathrsfs}\n\t\t\t\t\\usepackage{upgreek}\n\t\t\t\t\\setlength{\\oddsidemargin}{-69pt}\n\t\t\t\t\\begin{document}$$\\mathsf {MuSig2} $$\\end{document}, a simple and highly practical two-round multi-signature scheme. This is the first scheme that simultaneously i)\u00a0is secure under concurrent signing sessions, ii)\u00a0supports key aggregation, iii)\u00a0outputs ordinary Schnorr signatures, iv)\u00a0needs only two communication rounds, and v)\u00a0has similar signer complexity as ordinary Schnorr signatures. Furthermore, it is the first multi-signature scheme in the pure DL setting that supports preprocessing of all but one rounds, effectively enabling a non-interactive signing process without forgoing security under concurrent sessions. We prove the security of MuSig2\\documentclass[12pt]{minimal}\n\t\t\t\t\\usepackage{amsmath}\n\t\t\t\t\\usepackage{wasysym}\n\t\t\t\t\\usepackage{amsfonts}\n\t\t\t\t\\usepackage{amssymb}\n\t\t\t\t\\usepackage{amsbsy}\n\t\t\t\t\\usepackage{mathrsfs}\n\t\t\t\t\\usepackage{upgreek}\n\t\t\t\t\\setlength{\\oddsidemargin}{-69pt}\n\t\t\t\t\\begin{document}$$\\mathsf {MuSig2} $$\\end{document} in the random oracle model, and the security of a more efficient variant in the combination of the random oracle and the algebraic group model. Both our proofs rely on a weaker variant of the OMDL assumption.", 
    "editor": [
      {
        "familyName": "Malkin", 
        "givenName": "Tal", 
        "type": "Person"
      }, 
      {
        "familyName": "Peikert", 
        "givenName": "Chris", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-030-84242-0_8", 
    "isAccessibleForFree": false, 
    "isPartOf": {
      "isbn": [
        "978-3-030-84241-3", 
        "978-3-030-84242-0"
      ], 
      "name": "Advances in Cryptology \u2013 CRYPTO 2021", 
      "type": "Book"
    }, 
    "keywords": [
      "multi-signature scheme", 
      "Schnorr signature", 
      "terms of rounds", 
      "random oracle model", 
      "group of signers", 
      "cryptographic systems", 
      "algebraic group model", 
      "oracle model", 
      "communication rounds", 
      "key aggregation", 
      "random oracles", 
      "signing process", 
      "concurrent sessions", 
      "efficient variant", 
      "first scheme", 
      "security", 
      "joint message", 
      "joint signature", 
      "scheme", 
      "group model", 
      "preprocessing", 
      "oracle", 
      "weak variant", 
      "signers", 
      "messages", 
      "Multi", 
      "complexity", 
      "practicality", 
      "signatures", 
      "model", 
      "proof", 
      "system", 
      "rounds", 
      "sessions", 
      "efficiency", 
      "et al", 
      "work", 
      "simple", 
      "variants", 
      "terms", 
      "process", 
      "aggregation", 
      "assumption", 
      "setting", 
      "practice", 
      "combination", 
      "prices", 
      "options", 
      "al", 
      "drop", 
      "dl", 
      "replacement", 
      "group", 
      "undesirable option"
    ], 
    "name": "MuSig2: Simple Two-Round Schnorr Multi-signatures", 
    "pagination": "189-221", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1140318634"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-030-84242-0_8"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-030-84242-0_8", 
      "https://app.dimensions.ai/details/publication/pub.1140318634"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-11-24T21:12", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20221124/entities/gbq_results/chapter/chapter_147.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-030-84242-0_8"
  }
]
 

Download the RDF metadata as:  json-ld nt turtle xml License info

HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-84242-0_8'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-84242-0_8'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-84242-0_8'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-84242-0_8'


 

This table displays all metadata directly associated to this object as RDF triples.

134 TRIPLES      22 PREDICATES      78 URIs      71 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-030-84242-0_8 schema:about anzsrc-for:08
2 anzsrc-for:0804
3 schema:author Nf05b239cb41f47e385eae2a34b6e1f66
4 schema:datePublished 2021-08-11
5 schema:datePublishedReg 2021-08-11
6 schema:description Multi-signatures enable a group of signers to produce a joint signature on a joint message. Recently, Drijvers et al. (S&P’19) showed that all thus far proposed two-round multi-signature schemes in the pure DL setting (without pairings) are insecure under concurrent signing sessions. While Drijvers et al. proposed a secure two-round scheme, this efficiency in terms of rounds comes with the price of having signatures that are more than twice as large as Schnorr signatures, which are becoming popular in cryptographic systems due to their practicality (e.g., they will likely be adopted in Bitcoin). If one needs a multi-signature scheme that can be used as a drop-in replacement for Schnorr signatures, then one is forced to resort either to a three-round scheme or to sequential signing sessions, both of which are undesirable options in practice.In this work, we propose MuSig2\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathsf {MuSig2} $$\end{document}, a simple and highly practical two-round multi-signature scheme. This is the first scheme that simultaneously i) is secure under concurrent signing sessions, ii) supports key aggregation, iii) outputs ordinary Schnorr signatures, iv) needs only two communication rounds, and v) has similar signer complexity as ordinary Schnorr signatures. Furthermore, it is the first multi-signature scheme in the pure DL setting that supports preprocessing of all but one rounds, effectively enabling a non-interactive signing process without forgoing security under concurrent sessions. We prove the security of MuSig2\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathsf {MuSig2} $$\end{document} in the random oracle model, and the security of a more efficient variant in the combination of the random oracle and the algebraic group model. Both our proofs rely on a weaker variant of the OMDL assumption.
7 schema:editor Nb35ded300bea4ed1894238cac7e25882
8 schema:genre chapter
9 schema:isAccessibleForFree false
10 schema:isPartOf N613a48daf80f4ac1b8855859afd0180c
11 schema:keywords Multi
12 Schnorr signature
13 aggregation
14 al
15 algebraic group model
16 assumption
17 combination
18 communication rounds
19 complexity
20 concurrent sessions
21 cryptographic systems
22 dl
23 drop
24 efficiency
25 efficient variant
26 et al
27 first scheme
28 group
29 group model
30 group of signers
31 joint message
32 joint signature
33 key aggregation
34 messages
35 model
36 multi-signature scheme
37 options
38 oracle
39 oracle model
40 practicality
41 practice
42 preprocessing
43 prices
44 process
45 proof
46 random oracle model
47 random oracles
48 replacement
49 rounds
50 scheme
51 security
52 sessions
53 setting
54 signatures
55 signers
56 signing process
57 simple
58 system
59 terms
60 terms of rounds
61 undesirable option
62 variants
63 weak variant
64 work
65 schema:name MuSig2: Simple Two-Round Schnorr Multi-signatures
66 schema:pagination 189-221
67 schema:productId N55d32d45440548bdb38513afac39d88a
68 N8266e27913964877bba6117c8ff1efba
69 schema:publisher N92d2d759cec144c19cc5b2e8a31d9826
70 schema:sameAs https://app.dimensions.ai/details/publication/pub.1140318634
71 https://doi.org/10.1007/978-3-030-84242-0_8
72 schema:sdDatePublished 2022-11-24T21:12
73 schema:sdLicense https://scigraph.springernature.com/explorer/license/
74 schema:sdPublisher N32882b2869574a5aa624700c57c11673
75 schema:url https://doi.org/10.1007/978-3-030-84242-0_8
76 sgo:license sg:explorer/license/
77 sgo:sdDataset chapters
78 rdf:type schema:Chapter
79 N32882b2869574a5aa624700c57c11673 schema:name Springer Nature - SN SciGraph project
80 rdf:type schema:Organization
81 N55d32d45440548bdb38513afac39d88a schema:name dimensions_id
82 schema:value pub.1140318634
83 rdf:type schema:PropertyValue
84 N613a48daf80f4ac1b8855859afd0180c schema:isbn 978-3-030-84241-3
85 978-3-030-84242-0
86 schema:name Advances in Cryptology – CRYPTO 2021
87 rdf:type schema:Book
88 N706d2002fdd34c33ae01fbb647703460 schema:familyName Peikert
89 schema:givenName Chris
90 rdf:type schema:Person
91 N8266e27913964877bba6117c8ff1efba schema:name doi
92 schema:value 10.1007/978-3-030-84242-0_8
93 rdf:type schema:PropertyValue
94 N8fc4c7863a1c468799de97eb5c7c5f33 rdf:first N706d2002fdd34c33ae01fbb647703460
95 rdf:rest rdf:nil
96 N92d2d759cec144c19cc5b2e8a31d9826 schema:name Springer Nature
97 rdf:type schema:Organisation
98 N992129faf28e4dff8ab1a80bcebaa978 rdf:first sg:person.010315502717.47
99 rdf:rest Nf6c31a067b4040aeb6c3794e832de937
100 Na333adf829a046078c27077267bc7a32 schema:familyName Malkin
101 schema:givenName Tal
102 rdf:type schema:Person
103 Nb35ded300bea4ed1894238cac7e25882 rdf:first Na333adf829a046078c27077267bc7a32
104 rdf:rest N8fc4c7863a1c468799de97eb5c7c5f33
105 Nf05b239cb41f47e385eae2a34b6e1f66 rdf:first sg:person.011230453067.20
106 rdf:rest N992129faf28e4dff8ab1a80bcebaa978
107 Nf6c31a067b4040aeb6c3794e832de937 rdf:first sg:person.011724731171.01
108 rdf:rest rdf:nil
109 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
110 schema:name Information and Computing Sciences
111 rdf:type schema:DefinedTerm
112 anzsrc-for:0804 schema:inDefinedTermSet anzsrc-for:
113 schema:name Data Format
114 rdf:type schema:DefinedTerm
115 sg:person.010315502717.47 schema:affiliation grid-institutes:None
116 schema:familyName Ruffing
117 schema:givenName Tim
118 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010315502717.47
119 rdf:type schema:Person
120 sg:person.011230453067.20 schema:affiliation grid-institutes:None
121 schema:familyName Nick
122 schema:givenName Jonas
123 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011230453067.20
124 rdf:type schema:Person
125 sg:person.011724731171.01 schema:affiliation grid-institutes:None
126 schema:familyName Seurin
127 schema:givenName Yannick
128 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011724731171.01
129 rdf:type schema:Person
130 grid-institutes:None schema:alternateName ANSSI, Paris, France
131 Blockstream, Victoria, Canada
132 schema:name ANSSI, Paris, France
133 Blockstream, Victoria, Canada
134 rdf:type schema:Organization
 




Preview window. Press ESC to close (or click here)


...