Multi party Schnorr Rust implementation

Omer Shlomovits wrote:

Hello all, I have been working for the past few months with collaborators (in cc) on providing Rust reference implementations to existing multi party schemes for Schnorr signatures [1]. This includes aggregated signatures, accountable signatures (which for n out of n are multi-signatures) and threshold signatures (wip).

The project can be found here: . We aim that if the protocol is run in a configuration of a single party it will be bip-schnorr [2] compliant. Hope you’ll find it useful :)

Questions, suggestions and pull requests are welcome!

According to Devrandom, interactive signatures are not ideal for air-gapped use cases, so candidates for non-interactive signatures will be more suitable for Omer’s proposal.

However, Anthony Towns suggested a way around the issue by ‘batching’ signing requests. For interactive multisignatures, the protocol is to:

1. Produce a secret nonce r and calculate the public nonce R = r*G.
2. Everyone shares H(R).
3. Everyone shares R and checks that the received values match the received hashes.
4. Everyone calculates s = r + H(R', P', m) * p and shares s.

The process is slightly different for deterministic nonces: r is generated based on the messages being signed and the private keys. Also, one does not require deterministic keys in this case, but the same nonce should not be used with a different message. This method will produce a similar result to interactivity.

More on the project can be found on GitHub on pages one and two.
