Paper 2025/1941

Adaptively-Secure Three-Round Threshold Schnorr from DL

Guilhem Niot, PQShield, Univ Rennes, CNRS, IRISA
Michael Reichle, ETH Zurich
Kaoru Takemure, PQShield, National Institute of Advanced Industrial Science and Technology
Abstract

Threshold signatures are an important tool for trust distribution, and preserving the interface of standardized signatures, such as Schnorr signatures, is crucial for their adoption. In practice, latency dominates end-to-end signing time, so minimizing the number of interaction rounds is critical. Ideally, this is achieved under minimal assumptions and with adaptive security, where the adversary can corrupt signers on-the-fly during the protocol. While Schnorr signatures are proven secure under the Discrete Logarithm (DL) assumption in the random oracle model, the most round-efficient adaptively-secure threshold Schnorr protocols rely on stronger assumptions such as Decisional Diffie-Hellman (DDH), the Algebraic One-More Discrete Logarithm (AOMDL) or even the Low-Dimensional Vector Representation (LDVR) assumptions. The only adaptively-secure threshold Schnorr signature from the DL assumption requires five rounds, leaving a significant gap in our understanding of this fundamental primitive. Achieving low-round protocols with adaptive security from the DL assumption has remained an open question.

We resolve this question by presenting the first adaptively-secure threshold Schnorr scheme in three rounds (two online, one offline) in the random oracle model under the DL assumption. Our result demonstrates that achieving both low round complexity and adaptive security is possible while preserving the (so far) minimal assumptions for Schnorr signatures.

To achieve this, we introduce new techniques, including a novel use of an equivocal commitment scheme paired with a simulation-extractable NIZK, and a masking-based aggregated opening strategy for homomorphic commitments. Our work also makes several contributions that might be of independent interest, including a formalization of a strong adaptive security notion, a stronger commitment equivocation property, and an analysis of the simulation-extractability of the randomized Fischlin transformation.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in EUROCRYPT 2026
Keywords
Threshold signatures, Adaptive security, Schnorr signatures, Three-round, DL
Contact author(s)
guilhem @gniot fr
michael reichle @inf ethz ch
kaoru takemure @pqshield com
History
2026-02-19: last of 4 revisions
2025-10-17: received
Short URL
https://ia.cr/2025/1941
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/1941,
      author = {Guilhem Niot and Michael Reichle and Kaoru Takemure},
      title = {Adaptively-Secure Three-Round Threshold Schnorr from {DL}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/1941},
      year = {2025},
      url = {https://eprint.iacr.org/2025/1941}
}