MuSig-L: Lattice-Based Multi-signature with Single-Round Online Phase

Cecilia Boschini, Akira Takahashi, Mehdi Tibouchi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract / Description of output

Multi-signatures are protocols that allow a group of signers to jointly produce a single signature on the same message. In recent years, a number of practical multi-signature schemes have been proposed in the discrete-log setting, such as MuSig2 (CRYPTO’21) and DWMS (CRYPTO’21). The main technical challenge in constructing a multi-signature scheme is to achieve a set of several desirable properties, such as (1) security in the plain public-key (PPK) model, (2) concurrent security, (3) low online round complexity, and (4) key aggregation. However, previous lattice-based, post-quantum counterparts to Schnorr multi-signatures fail to satisfy these properties.
In this paper, we introduce MuSig-L, a lattice-based multi-signature scheme simultaneously achieving these design goals for the first time. Unlike the recent, round-efficient proposal of Damgård et al. (PKC’21), which had to rely on lattice-based trapdoor commitments, we do not require any additional primitive in the protocol, while being able to prove security from the standard module-SIS and LWE assumptions. The resulting output signature of our scheme therefore looks closer to the usual Fiat–Shamir-with-abort signatures.
Original languageEnglish
Title of host publicationAdvances in Cryptology – CRYPTO 2022: 42nd Annual International Cryptology Conference, CRYPTO 2022, Santa Barbara, CA, USA, August 15–18, 2022, Proceedings, Part II
EditorsYevgeniy Dodis, Thomas Shrimpton
PublisherSpringer, Cham
Number of pages30
ISBN (Electronic)978-3-031-15979-4
ISBN (Print)978-3-031-15978-7
Publication statusPublished - 13 Oct 2022
EventThe 42nd Annual International Cryptology Conference, 2022 - Santa Barbara, United States
Duration: 13 Aug 202218 Aug 2022
Conference number: 42

Publication series

NameLecture Notes in Computer Science
PublisherSpringer Cham
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceThe 42nd Annual International Cryptology Conference, 2022
Abbreviated titleCRYPTO 2022
Country/TerritoryUnited States
CitySanta Barbara
Internet address


Dive into the research topics of 'MuSig-L: Lattice-Based Multi-signature with Single-Round Online Phase'. Together they form a unique fingerprint.

Cite this