[bitcoin-dev] Multi party Schnorr Rust implementation
omer.shlomovits at gmail.com
Wed Nov 28 08:13:08 UTC 2018
AFAIK, there is no way to do threshold signatures non-interactively for the
general case of t out of n. Even if you are willing to maintain an additional
data structure on top of the standard and change the verification algorithm
(see for example appendix B in  where they use bitmaps).

The best way that I came up with so far (which I plan to implement in the
library) is to take the SS01 paper , this is also the paper cited in
bip-schnorr , and to replace Pedersen VSS with Feldman VSS (Feldman VSS
implementation can be found in  ). Basically taking the DKG from GG18
without Paillier and the dlog pok (threshold ECDSA paper ) and use it
for the threshold Schnorr DKG and for the ephemeral key distributed
generation. This will cause the loss of robustness but will be more

Generally speaking - the purpose of using threshold security is to replace
hw security. The assumption is that you would rather trust that no more
than t out of n different machines will get corrupted at the same time than to
trust one secure hardware. Maybe that relaxes a bit the demand for using air

On Wed, Nov 28, 2018 at 8:33 AM Devrandom <c1.bitcoin at niftybox.net> wrote:
> Hi Omer,
> Are there any candidates for non-interactive threshold signatures?
> Interactive signatures are not very suitable for air-gapped use cases.
> On Tue, Nov 27, 2018 at 11:18 AM Omer Shlomovits via bitcoin-dev <
> bitcoin-dev at lists.linuxfoundation.org> wrote:
>> Hello all,
>> I have been working for the past few months with collaborators (in cc) on
>> providing Rust reference implementations to existing multi party schemes
>> for Schnorr signatures . This includes aggregated signatures,
>> accountable signatures (which for n out of n are multi-signatures) and
>> threshold signatures (wip).
>> The project can be found here:
>> https://github.com/KZen-networks/multi-party-schnorr .
>> We aim that if the protocol is run in a configuration of a single party
>> it will be bip-schnorr  compliant.
>> Hope you'll find it useful :)
>> Questions, suggestions and pull requests are welcome!
>>  https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki
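
The Feldman VSS based key generation described in the message above, as an added example that is not part of the original post and not code from the multi-party-schnorr library. It assumes a toy order-1019 subgroup of Z_2039^* instead of secp256k1, fixed constructed polynomial coefficients instead of random ones, and hypothetical function names (`deal`, `verify`, `reconstruct`, `dkg`).

```rust
const P: u64 = 2039; // toy group (assumption, not secp256k1): P = 2Q + 1
const Q: u64 = 1019; // prime order of the subgroup generated by G
const G: u64 = 4;

fn pow_mod(b: u64, e: u64, m: u64) -> u64 {
    let sq_mul = |r: u64, i: u32| if (e >> i) & 1 == 1 { r * r % m * b % m } else { r * r % m };
    (0..64).rev().fold(1, sq_mul)
}

/// Dealer: shares f(1..=n) mod Q (Horner) plus commitments C_j = G^a_j to every coefficient.
fn deal(coeffs: &[u64], n: u64) -> (Vec<u64>, Vec<u64>) {
    let f = |x: u64| coeffs.iter().rev().fold(0u64, |acc, a| (acc * x + a) % Q);
    ((1..=n).map(f).collect(), coeffs.iter().map(|a| pow_mod(G, *a, P)).collect())
}

/// Receiver x: accept the share only if G^share == prod_j C_j^(x^j) mod P.
fn verify(x: u64, share: u64, commits: &[u64]) -> bool {
    let step = |(r, xj): (u64, u64), c: &u64| (r * pow_mod(*c, xj, P) % P, xj * x % Q);
    pow_mod(G, share, P) == commits.iter().fold((1, 1), step).0
}

fn reconstruct(points: &[(u64, u64)]) -> u64 { // Lagrange interpolation at x = 0, mod Q
    points.iter().fold(0u64, |acc, &(xi, si)| {
        let l = points.iter().filter(|p| p.0 != xi).fold(1u64, |l, &(xj, _)| {
            l * xj % Q * pow_mod((xj + Q - xi) % Q, Q - 2, Q) % Q // Fermat inverse
        });
        (acc + si * l) % Q
    })
}

/// DKG sketch: every party deals once; party x keeps the sum of the shares sent to it.
fn dkg(polys: &[Vec<u64>], n: u64) -> Option<(Vec<(u64, u64)>, u64)> {
    let (mut key_shares, mut group_pk) = (vec![0u64; n as usize], 1u64);
    for coeffs in polys {
        let (shares, commits) = deal(coeffs, n);
        for (i, s) in shares.iter().enumerate() {
            if !verify(i as u64 + 1, *s, &commits) { return None; } // abort: no robustness
            key_shares[i] = (key_shares[i] + s) % Q;
        }
        group_pk = group_pk * commits[0] % P; // group key = product of constant-term commitments
    }
    Some(((1..=n).zip(key_shares).collect(), group_pk))
}

fn main() {
    let polys = [vec![11, 5], vec![22, 7], vec![33, 9]]; // constructed; t = 1, n = 3
    let (shares, pk) = dkg(&polys, 3).expect("share failed verification");
    assert_eq!(pow_mod(G, reconstruct(&shares[1..]), P), pk); // any 2 of 3 shares match the key
}
```

`reconstruct` is called here only to check the result against the group key; in a threshold signing protocol the parties keep their shares separate.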