MuSig-DN: Schnorr Multi-Signatures with Verifiably Deterministic Nonces

Nick, Jonas; Ruffing, Tim; Seurin, Yannick; Wuille, Pieter

doi:10.1145/3372297.3417236

Cited by 52 publications

(20 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The application of ECC is catching up recently for IoT and allied application. [44] proposed the Edwards curve to optimise the power and memory consumption in a physical device. [45] presented a fast, low power and highly secure cryptography for IoT by using a binary Edwards curve.…”

Section: Edwards Curve Application In Iotmentioning

confidence: 99%

“…MuSig is a new Schnorrbased multi-signature scheme proposed by [53].The use of Schnorr signatures makes it simple, efficient and support key aggregation. In [54] the authors introduced a security model for general aggregate signature schemes based on multi-user and thereby achieved a significant reduction EC/DSS/DSA Domain Solution # Edwards Curve IoT Security enhancement [9], [13], [44], [45], [17] , [76] ECC [19], [43] Table 4: Elliptic and Edwards curve application in IoT.…”

Section: Schnorr's Signature For Multi-signaturementioning

confidence: 99%

See 1 more Smart Citation

An empirical study to demonstrate that EdDSA can be used as a performance improvement alternative to ECDSA in Blockchain and IoT

Jayabalasamy

Koppu

2022

IJCAI

View full text Add to dashboard Cite

Digital signatures are a vital part of the digital world. The trust factor in the digital world is ensured with a digital signature. Over the evolution, the purpose remained constant, but the applicability and frontier continued to evolve, thus raising the demand for continuous performance, security level and computational improvement. Especially with emerging IoT, blockchain and cryptocurrency, the digital signature security level and performance improvement demand continue to rise. A digital signature scheme (DSS) is used to generate signatures. This paper investigates the widely used elliptic curve digital signature algorithm (ECDSA) and its application to blockchain and IoT. Then, we performed an empirical comparison of ECDSA with the Edwards curve digital signature algorithm (EdDSA). The study concludes by showing that EdDSA is superior to ECDSA and can be applied in blockchain and IoT domains to reap immediate benefits.Povzetek: Avtorja primerjata dve metodi generiranja varnih digitalnih podpisov in pokažeta, da je EdDSA boljša kot ECDSA.

show abstract

Section: Edwards Curve Application In Iotmentioning

confidence: 99%

Section: Schnorr's Signature For Multi-signaturementioning

confidence: 99%

An empirical study to demonstrate that EdDSA can be used as a performance improvement alternative to ECDSA in Blockchain and IoT

Jayabalasamy

Koppu

2022

IJCAI

View full text Add to dashboard Cite

show abstract

“…As an improvement scheme of MuSig, Yannick Seurin et al proposed MuSig-DN [21], and J. Nick et al proposed MuSig2 [20]. MuSig-DN allows the use of a deterministic nonce generated from a private key instead of a nonce generated from a pseudo-random generator, and the other signers can verify the authenticity since this deterministic nonce was used for signing using zero-knowledge proofs.…”

Section: Prior Work 221 Musigmentioning

confidence: 99%

“…As two advanced applications of MuSig, MuSig-DN [21] supports deterministic nonce instead of using a random number generator, and MuSig2 [20] supports a two-round protocol, respectively. Since these schemes are improvements related to the signing algorithm, we believe that updating KAIAS supports these modifications.…”

Section: What About the Use Of Deterministic Nonce And Modification To The 2-round Protocol?mentioning

confidence: 99%

A New Schnorr Multi-Signatures to Support Both Multiple Messages Signing and Key Aggregation

Kojima

Yamamoto

Shimoyama

et al. 2021

Journal of Information Processing

View full text Add to dashboard Cite

A digital signature is essential for verifying people's reliability and data integrity over networks and is used in web server certificates, authentication, and blockchain technologies. Specifically, to solve the bitcoin scalability problem, Multi-Signature (MS) schemes have recently attracted attention because the MS's aggregate algorithm can reduce the amount of signature data in transactions. While such schemes support only a single message signing, Interactive Aggregate Signatures (IAS) and Aggregate Multi-Signature Protocol (AMSP) support signing of multiple messages. However, there are some issues with these schemes, for example, key aggregation is unavailable. In this paper, we propose a key aggregatable IAS scheme called KAIAS that can sign multiple messages with key aggregation. In terms of cases using Multi-Signature, previous studies have mainly discussed the benefits of reducing the size of signatures. On the other hand, we also propose a practical application of KAIAS that leverages its benefits in aggregating both signatures and public keys with a low computing cost for verification.

show abstract

“…A : Compromise privacy of the custody operation (determine the set of public UTxOs) Without privacy support for advanced descriptors (such as by using MuSig2 [30] or MuSig-DN [31] if the proposed Taproot [1] upgrade is activated by the Bitcoin network) Revault's operational privacy is brittle. A Theft Tx that consumes all available deposit UTxOs would be catastrophic since this comprises the majority of funds.…”

Section: Common Attack Sub-treesmentioning

confidence: 99%

Risk Framework for Bitcoin Custody Operation with the Revault Protocol

Swambo¹,

Poinsot²

2021

Preprint

View full text Add to dashboard Cite

Our contributions with this paper are twofold. First, we elucidate the methodological requirements for a risk framework of custodial operations and argue for the value of this type of risk model as complementary with cryptographic and blockchain security models. Second, we present a risk model in the form of a library of attack-trees for Revault -an open-source custody protocol. The model can be used by organisations as a risk quantification framework for a thorough security analysis in their specific deployment context. Our work exemplifies an approach that can be used independent of which custody protocol is being considered, including complex protocols with multiple stakeholders and active defence infrastructure.

show abstract

MuSig-DN: Schnorr Multi-Signatures with Verifiably Deterministic Nonces

Cited by 52 publications

References 28 publications

An empirical study to demonstrate that EdDSA can be used as a performance improvement alternative to ECDSA in Blockchain and IoT

An empirical study to demonstrate that EdDSA can be used as a performance improvement alternative to ECDSA in Blockchain and IoT

A New Schnorr Multi-Signatures to Support Both Multiple Messages Signing and Key Aggregation

Risk Framework for Bitcoin Custody Operation with the Revault Protocol

Contact Info

Product

Resources

About