International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

MuSig-L: Lattice-Based Multi-Signature With Single-Round Online Phase

Authors:
Cecilia Boschini , Technion and Reichman University
Akira Takahashi , Aarhus University
Mehdi Tibouchi , NTT Corporation
Download:
Search ePrint
Search Google
Presentation: Slides
Conference: CRYPTO 2022
Abstract: Multi-signatures are protocols that allow a group of signers to jointly produce a single signature on the same message. In recent years, a number of practical multi-signature schemes have been proposed in the discrete-log setting, such as MuSigT (CRYPTO'21) and DWMS (CRYPTO'21). The main technical challenge in constructing a multi-signature scheme is to achieve a set of several desirable properties, such as (1) security in the plain public-key (PPK) model, (2) concurrent security, (3) low online round complexity, and (4) key aggregation. However, previous lattice-based, post-quantum counterparts to Schnorr multi-signatures fail to satisfy these properties. In this paper, we introduce MuSigL, a lattice-based multi-signature scheme simultaneously achieving these design goals for the first time. Unlike the recent, round-efficient proposal of Damgård et al. (PKC'21), which had to rely on lattice-based trapdoor commitments, we do not require any additional primitive in the protocol, while being able to prove security from the standard module-SIS and LWE assumptions. The resulting output signature of our scheme therefore looks closer to the usual Fiat--Shamir-with-abort signatures.
Video from CRYPTO 2022
BibTeX
@inproceedings{crypto-2022-32240,
  title={MuSig-L: Lattice-Based Multi-Signature With Single-Round Online Phase},
  publisher={Springer-Verlag},
  author={Cecilia Boschini and Akira Takahashi and Mehdi Tibouchi},
  year=2022
}