MuSig2: Simple Two-Round Schnorr Multi-signatures

Nick, Jonas; Ruffing, Tim; Seurin, Yannick

doi:10.1007/978-3-030-84242-0_8

Cited by 79 publications

(28 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These two features make the signature algorithm highly attractive to application developers. Several Schnorrbased signature methods [27,28] have been developed by academics to improve Bitcoin's efficiency and user privacy, and the Bitcoin community is contemplating implementing the Schnorr signature algorithm [29]. We should eagerly anticipate the practical implementation of the Schnorr signature algorithm.…”

Section: The Signature Scheme Proposed By Schnorrmentioning

confidence: 99%

An anonymous and fair auction system based on blockchain

Weng

et al. 2023

J Supercomput

View full text Add to dashboard Cite

Transaction volumes are growing rapidly, demonstrating how well-liked online auctions are with shoppers. Bidders can access a wider variety of products and sellers can reach a larger audience through online auction platforms. However, privacy concerns have reduced users' trust in auction platforms, and difficult disputes have caused consumers to question the fairness of online auctions, negatively impacting the market growth. The emergence of blockchain technology has brought a new approach to solving these problems. Blockchain is a new generation of information technology that is decentralized, transparent, traceable, anti-tampering, and unforgeable, following big data, cloud computing, and artificial intelligence. In this paper, we present a blockchain-based online auction solution as well as an auction protocol that uses ring signatures to guarantee anonymity. Three features summarize this essay: (1) Making use of blockchain technology to ensure that the auction transaction process is transparent, traceable, tamper-proof, and unforgeable.(2) The ring signature-based anonymous auction protocol allows for the concealment of bidders' public keys in a group of public keys. Because malicious individuals are prevented from evaluating data by tracking numerous transactions of a single public key, this significantly protects the privacy of bidders. (3) The proposed scheme promotes auction fairness and effectively resolves disputes.

show abstract

Section: The Signature Scheme Proposed By Schnorrmentioning

confidence: 99%

An anonymous and fair auction system based on blockchain

Weng

et al. 2023

J Supercomput

View full text Add to dashboard Cite

show abstract

“…A : Compromise privacy of the custody operation (determine the set of public UTxOs) Without privacy support for advanced descriptors (such as by using MuSig2 [30] or MuSig-DN [31] if the proposed Taproot [1] upgrade is activated by the Bitcoin network) Revault's operational privacy is brittle. A Theft Tx that consumes all available deposit UTxOs would be catastrophic since this comprises the majority of funds.…”

Section: Common Attack Sub-treesmentioning

confidence: 99%

Risk Framework for Bitcoin Custody Operation with the Revault Protocol

Swambo¹,

Poinsot²

2021

Preprint

View full text Add to dashboard Cite

Our contributions with this paper are twofold. First, we elucidate the methodological requirements for a risk framework of custodial operations and argue for the value of this type of risk model as complementary with cryptographic and blockchain security models. Second, we present a risk model in the form of a library of attack-trees for Revault -an open-source custody protocol. The model can be used by organisations as a risk quantification framework for a thorough security analysis in their specific deployment context. Our work exemplifies an approach that can be used independent of which custody protocol is being considered, including complex protocols with multiple stakeholders and active defence infrastructure.

show abstract

“…Using these protocols, a certain set of parties may transfer their joint right to generate a signature to any subset among themselves equal to or a Correspondence should be addressed to Nikita Snetkov: nikita.snetkov@cyber.ee larger than a specific threshold. There are threshold variants of RSA [62,31,22], Schnorr [49,56,29,27], Ed-DSA [44,15,57,50] and ECDSA [52,35,23,1,67] signatures, which could be used in the blockchain infrastructure or as an authentication solution [21]. With several parties being required to participate in the generation of a signature, it is not unreasonable to somewhat relax the security requirements on any single party, related to the storage or handling of its private key material.…”

Section: Introductionmentioning

confidence: 99%

TOPCOAT: Towards Practical Two-Party Crystals-Dilithium

Snetkov,

Vakarjuk,

Laud

2024

Preprint

View full text Add to dashboard Cite

The development of threshold protocols based on lattice-signature schemes has been of increasing interest in the past several years. The main research focus was towards protocols constructed for various variants of Crystals-Dilithium, future NIST digital signature standard known as ML-DSA. In this work, we propose TOPCOAT, a two-party lattice-based signature algorithm that embodies Dilithium's compression techniques. The aforesaid result is achieved by introducing a new hinting mechanism that allows parties to collaboratively calculate $\textsf{HighBits}$. Our hinting mechanism allows public key compression similar to Dilithium. Additionally, we suggest an optimization technique to minimize number of restarts both parties need to produce a valid signature. We prove security of our scheme under MLWE and MSIS assumptions in ROM, and provide implementation of our proposed scheme. As additional contribution, we present vulnerabilities and inconsistencies found in Liu et al. work which aimed to construct distributed lattice-based signature protocol.

show abstract

MuSig2: Simple Two-Round Schnorr Multi-signatures

Cited by 79 publications

References 30 publications

An anonymous and fair auction system based on blockchain

An anonymous and fair auction system based on blockchain

Risk Framework for Bitcoin Custody Operation with the Revault Protocol

TOPCOAT: Towards Practical Two-Party Crystals-Dilithium

Contact Info

Product

Resources

About