CryptoDB
Chain Reductions for Multi-Signatures and the HBMS Scheme
Authors: |
|
---|---|
Download: | |
Conference: | ASIACRYPT 2021 |
Abstract: | Existing proofs for existing Discrete Log (DL) based multi-signature schemes give only weak guarantees if the schemes are implemented, as they are in practice, in 256-bit groups. This is because the underlying reductions, which are mostly in the standard model and from DL, are loose. We show that relaxing either the model or the assumption suffices to obtain tight reductions. Namely we give (1) tight proofs from DL in the Algebraic Group Model, and (2) tight, standard-model proofs from well-founded assumptions other than DL. We first do this for the classical 3-round schemes, namely $\BN$ and $\MuSig$. Then we give a new 2-round multi-signature scheme, $\MSB$, as efficient as prior ones, for which we do the same. These multiple paths to security for a single scheme are made possible by a framework of chain reductions, in which a reduction is broken into a chain of sub-reductions involving intermediate problems. Overall our results improve the security guarantees for DL-based multi-signature schemes in the groups in which they are implemented in practice. |
Video from ASIACRYPT 2021
BibTeX
@inproceedings{asiacrypt-2021-31365, title={Chain Reductions for Multi-Signatures and the HBMS Scheme}, publisher={Springer-Verlag}, doi={10.1007/978-3-030-92068-5_22}, author={Mihir Bellare and Wei Dai}, year=2021 }