MuSig-L: Lattice-Based Multi-signature with Single-Round Online Phase

Cecilia Boschini; Akira Takahashi; Mehdi Tibouchi

doi:10.1007/978-3-031-15979-4_10

MuSig-L: Lattice-Based Multi-signature with Single-Round Online Phase

Cecilia Boschini, Akira Takahashi, Mehdi Tibouchi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Multi-signatures are protocols that allow a group of signers to jointly produce a single signature on the same message. In recent years, a number of practical multi-signature schemes have been proposed in the discrete-log setting, such as MuSig2 (CRYPTO’21) and DWMS (CRYPTO’21). The main technical challenge in constructing a multi-signature scheme is to achieve a set of several desirable properties, such as (1) security in the plain public-key (PPK) model, (2) concurrent security, (3) low online round complexity, and (4) key aggregation. However, previous lattice-based, post-quantum counterparts to Schnorr multi-signatures fail to satisfy these properties.
In this paper, we introduce MuSig-L, a lattice-based multi-signature scheme simultaneously achieving these design goals for the first time. Unlike the recent, round-efficient proposal of Damgård et al. (PKC’21), which had to rely on lattice-based trapdoor commitments, we do not require any additional primitive in the protocol, while being able to prove security from the standard module-SIS and LWE assumptions. The resulting output signature of our scheme therefore looks closer to the usual Fiat–Shamir-with-abort signatures.

Original language	English
Title of host publication	Advances in Cryptology – CRYPTO 2022: 42nd Annual International Cryptology Conference, CRYPTO 2022, Santa Barbara, CA, USA, August 15–18, 2022, Proceedings, Part II
Editors	Yevgeniy Dodis, Thomas Shrimpton
Publisher	Springer, Cham
Pages	276-305
Number of pages	30
Volume	2
ISBN (Electronic)	978-3-031-15979-4
ISBN (Print)	978-3-031-15978-7
DOIs	https://doi.org/10.1007/978-3-031-15979-4_10
Publication status	Published - 13 Oct 2022
Event	The 42nd Annual International Cryptology Conference, 2022 - Santa Barbara, United States Duration: 13 Aug 2022 → 18 Aug 2022 Conference number: 42 https://crypto.iacr.org/2022/

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer Cham
Volume	13508
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	The 42nd Annual International Cryptology Conference, 2022
Abbreviated title	CRYPTO 2022
Country/Territory	United States
City	Santa Barbara
Period	13/08/22 → 18/08/22
Internet address	https://crypto.iacr.org/2022/

Access to Document

10.1007/978-3-031-15979-4_10Licence: All Rights Reserved

https://link.springer.com/chapter/10.1007/978-3-031-15979-4_10Licence: All Rights Reserved

Cite this

Boschini, C., Takahashi, A., & Tibouchi, M. (2022). MuSig-L: Lattice-Based Multi-signature with Single-Round Online Phase. In Y. Dodis, & T. Shrimpton (Eds.), Advances in Cryptology – CRYPTO 2022: 42nd Annual International Cryptology Conference, CRYPTO 2022, Santa Barbara, CA, USA, August 15–18, 2022, Proceedings, Part II (Vol. 2, pp. 276-305). (Lecture Notes in Computer Science; Vol. 13508). Springer, Cham. https://doi.org/10.1007/978-3-031-15979-4_10

Boschini, Cecilia ; Takahashi, Akira ; Tibouchi, Mehdi. / MuSig-L: Lattice-Based Multi-signature with Single-Round Online Phase. Advances in Cryptology – CRYPTO 2022: 42nd Annual International Cryptology Conference, CRYPTO 2022, Santa Barbara, CA, USA, August 15–18, 2022, Proceedings, Part II. editor / Yevgeniy Dodis ; Thomas Shrimpton. Vol. 2 Springer, Cham, 2022. pp. 276-305 (Lecture Notes in Computer Science).

@inproceedings{ebd5f717ef054a85b89977da2cf8d55a,

title = "MuSig-L: Lattice-Based Multi-signature with Single-Round Online Phase",

abstract = "Multi-signatures are protocols that allow a group of signers to jointly produce a single signature on the same message. In recent years, a number of practical multi-signature schemes have been proposed in the discrete-log setting, such as MuSig2 (CRYPTO{\textquoteright}21) and DWMS (CRYPTO{\textquoteright}21). The main technical challenge in constructing a multi-signature scheme is to achieve a set of several desirable properties, such as (1) security in the plain public-key (PPK) model, (2) concurrent security, (3) low online round complexity, and (4) key aggregation. However, previous lattice-based, post-quantum counterparts to Schnorr multi-signatures fail to satisfy these properties.In this paper, we introduce MuSig-L, a lattice-based multi-signature scheme simultaneously achieving these design goals for the first time. Unlike the recent, round-efficient proposal of Damg{\aa}rd et al. (PKC{\textquoteright}21), which had to rely on lattice-based trapdoor commitments, we do not require any additional primitive in the protocol, while being able to prove security from the standard module-SIS and LWE assumptions. The resulting output signature of our scheme therefore looks closer to the usual Fiat–Shamir-with-abort signatures.",

author = "Cecilia Boschini and Akira Takahashi and Mehdi Tibouchi",

note = "Funding Information: Acknowledgment. The authors are grateful to Claudio Orlandi for discussions in the earlier stages of this work. We thank Carsten Baum, Katharina Boudgoust, and Mark Simkin for helpful comments and discussions. Cecilia Boschini has been supported by the Universit{\`a} della Svizzera Italiana under the SNSF project number 182452, and by the Postdoc. Mobility grant No. P500PT 203075. Akira Takahashi has been supported by the Carlsberg Foundation under the Semper Ardens Research Project CF18-112 (BCM); the European Research Council (ERC) under the European Unions{\textquoteright}s Horizon 2020 research and innovation programme under grant agreement No. 803096 (SPEC). Publisher Copyright: {\textcopyright} 2022, International Association for Cryptologic Research.; The 42nd Annual International Cryptology Conference, 2022, CRYPTO 2022 ; Conference date: 13-08-2022 Through 18-08-2022",

year = "2022",

month = oct,

day = "13",

doi = "10.1007/978-3-031-15979-4_10",

language = "English",

isbn = "978-3-031-15978-7",

volume = "2",

series = "Lecture Notes in Computer Science",

publisher = "Springer, Cham",

pages = "276--305",

editor = "Yevgeniy Dodis and Thomas Shrimpton",

booktitle = "Advances in Cryptology – CRYPTO 2022: 42nd Annual International Cryptology Conference, CRYPTO 2022, Santa Barbara, CA, USA, August 15–18, 2022, Proceedings, Part II",

url = "https://crypto.iacr.org/2022/",

}

Boschini, C, Takahashi, A & Tibouchi, M 2022, MuSig-L: Lattice-Based Multi-signature with Single-Round Online Phase. in Y Dodis & T Shrimpton (eds), Advances in Cryptology – CRYPTO 2022: 42nd Annual International Cryptology Conference, CRYPTO 2022, Santa Barbara, CA, USA, August 15–18, 2022, Proceedings, Part II. vol. 2, Lecture Notes in Computer Science, vol. 13508, Springer, Cham, pp. 276-305, The 42nd Annual International Cryptology Conference, 2022, Santa Barbara, California, United States, 13/08/22. https://doi.org/10.1007/978-3-031-15979-4_10

MuSig-L: Lattice-Based Multi-signature with Single-Round Online Phase. / Boschini, Cecilia; Takahashi, Akira; Tibouchi, Mehdi.

Advances in Cryptology – CRYPTO 2022: 42nd Annual International Cryptology Conference, CRYPTO 2022, Santa Barbara, CA, USA, August 15–18, 2022, Proceedings, Part II. ed. / Yevgeniy Dodis; Thomas Shrimpton. Vol. 2 Springer, Cham, 2022. p. 276-305 (Lecture Notes in Computer Science; Vol. 13508).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - MuSig-L: Lattice-Based Multi-signature with Single-Round Online Phase

AU - Boschini, Cecilia

AU - Takahashi, Akira

AU - Tibouchi, Mehdi

N1 - Conference code: 42

PY - 2022/10/13

Y1 - 2022/10/13

N2 - Multi-signatures are protocols that allow a group of signers to jointly produce a single signature on the same message. In recent years, a number of practical multi-signature schemes have been proposed in the discrete-log setting, such as MuSig2 (CRYPTO’21) and DWMS (CRYPTO’21). The main technical challenge in constructing a multi-signature scheme is to achieve a set of several desirable properties, such as (1) security in the plain public-key (PPK) model, (2) concurrent security, (3) low online round complexity, and (4) key aggregation. However, previous lattice-based, post-quantum counterparts to Schnorr multi-signatures fail to satisfy these properties.In this paper, we introduce MuSig-L, a lattice-based multi-signature scheme simultaneously achieving these design goals for the first time. Unlike the recent, round-efficient proposal of Damgård et al. (PKC’21), which had to rely on lattice-based trapdoor commitments, we do not require any additional primitive in the protocol, while being able to prove security from the standard module-SIS and LWE assumptions. The resulting output signature of our scheme therefore looks closer to the usual Fiat–Shamir-with-abort signatures.

AB - Multi-signatures are protocols that allow a group of signers to jointly produce a single signature on the same message. In recent years, a number of practical multi-signature schemes have been proposed in the discrete-log setting, such as MuSig2 (CRYPTO’21) and DWMS (CRYPTO’21). The main technical challenge in constructing a multi-signature scheme is to achieve a set of several desirable properties, such as (1) security in the plain public-key (PPK) model, (2) concurrent security, (3) low online round complexity, and (4) key aggregation. However, previous lattice-based, post-quantum counterparts to Schnorr multi-signatures fail to satisfy these properties.In this paper, we introduce MuSig-L, a lattice-based multi-signature scheme simultaneously achieving these design goals for the first time. Unlike the recent, round-efficient proposal of Damgård et al. (PKC’21), which had to rely on lattice-based trapdoor commitments, we do not require any additional primitive in the protocol, while being able to prove security from the standard module-SIS and LWE assumptions. The resulting output signature of our scheme therefore looks closer to the usual Fiat–Shamir-with-abort signatures.

U2 - 10.1007/978-3-031-15979-4_10

DO - 10.1007/978-3-031-15979-4_10

M3 - Conference contribution

SN - 978-3-031-15978-7

VL - 2

T3 - Lecture Notes in Computer Science

SP - 276

EP - 305

BT - Advances in Cryptology – CRYPTO 2022: 42nd Annual International Cryptology Conference, CRYPTO 2022, Santa Barbara, CA, USA, August 15–18, 2022, Proceedings, Part II

A2 - Dodis, Yevgeniy

A2 - Shrimpton, Thomas

PB - Springer, Cham

T2 - The 42nd Annual International Cryptology Conference, 2022

Y2 - 13 August 2022 through 18 August 2022

ER -