Skip to content

Rust implementation of multi-party Schnorr signatures over elliptic curves.

License

Notifications You must be signed in to change notification settings

ZenGo-X/multi-party-schnorr

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Build Status License: GPL v3

Multi Party Schnorr Signatures

This library contains several Rust implementations of multi-signature Schnorr schemes. Generally speaking, these schemes can be classified into:

  1. {n,n}-multi-signature scheme. These schemes require that all parties engage in cooperation to issue the signature.
  2. {t,n}-threshold-signature schemes (TSS). These schemes require that any subset of at least t+1 parties engage in cooperation to issue a valid signature.

Different protocol implementation

This repo implements different Schnorr multi-signature schemes. There is tradoffs between these schemes with respect to type, performance, communications rounds and security assumptions. We use abbreviations DLP, ROM, ASM for respectively, discrete log problem, random oracle model, algebraic group model.

protocol Type Rounds Assumptions comments
Boneh, et al.(MuSig) [2] (section 5) {n,n} 3 DLP, ROM fixes the security proof of [1]
Nick, et al.(MuSig2) [3] {n,n} 2 DLP, ROM, AGM improvement on [2]
Micali, et al. [4] {n,n} 3 DLP, ROM
Stinson-Strobl [5] {t,n} 3 DLP, ROM See (*)

(*) For more efficient implementation we used the DKG from Fast Multiparty Threshold ECDSA with Fast Trustless Setup. The cost is robustness: if there is a malicious party out of the n parties in DKG the protocol stops and if there is a malicious party out of the t parties used for signing the signature protocol will stop

Disclaimers:

(1) This code should not be used for production at the moment.

(2) This code is not secure against side-channel attacks

(3) The code does not contain a network layer (if you are interested, check white-city for ongoing effort, contribtutions are welcome)

Contact

Feel free to reach out or join the ZenGo X Telegram for discussions on code and research.

License

The library is released under the terms of the GPL-3.0 license. See LICENSE for more information.

References

[1] https://github.com/KZen-networks/multi-party-schnorr/blob/master/papers/simple_schnorr_multi_signatures_with_applications_to_bitcoin.pdf

[2] https://github.com/KZen-networks/multi-party-schnorr/blob/master/papers/compact_multi_signatures_for_smaller_blockchains.pdf

[3] https://github.com/KZen-networks/multi-party-schnorr/blob/master/papers/musig2_simple_two_round_schnorr_multi_signatures.pdf

[4] https://github.com/KZen-networks/multi-party-schnorr/blob/master/papers/accountable_subgroups_multisignatures.pdf

[5] https://github.com/KZen-networks/multi-party-schnorr/blob/master/papers/provably_secure_distributed_schnorr_signatures_and_a_threshold_scheme.pdf