International Association for Cryptologic Research

CryptoDB

Privacy-Preserving Multi-Signatures: Generic Techniques and Constructions Without Pairings

Authors:
Calvin Abou Haidar, NTT Social Informatics Laboratories
Dipayan Das, Department of Mathematics and Statistics, Florida Atlantic University
Anja Lehmann, Hasso-Plattner-Institute, University of Potsdam
Cavit Özbay, Hasso-Plattner-Institute, University of Potsdam
Octavio Perez Kempner, NTT Social Informatics Laboratories
Conference: PKC 2025
Abstract: Multi-signatures allow a set of parties to produce a single signature for a common message by combining their individual signatures. The result can be verified using the aggregated public key that represents the group of signers. Very recent work by Lehmann and Özbay (PKC '24) studied the use of multi-signatures for ad-hoc privacy-preserving group signing, formalizing the notion of multi-signatures with probabilistic yet verifiable key aggregation. Moreover, they proposed new BLS-type multi-signatures, allowing users holding a long-term key pair to engage with different groups, without the aggregated key leaking anything about the corresponding group. This enables key-reuse across different groups in a privacy-preserving way. Unfortunately, their technique cannot be applied to Schnorr-type multi-signatures, preventing state-of-the-art multi-signatures from benefiting from those privacy features. In this work, we revisit the privacy framework from Lehmann and Özbay. Our first contribution is a generic lift that adds privacy to any multi-signature with deterministic key aggregation. As our second contribution, we study two concrete multi-signatures, and give dedicated transforms that take advantage of the underlying structures for improved efficiency. The first one is a slight modification of the popular MuSig2 scheme, achieving the strongest privacy property for free compared to the original scheme. The second is a variant of the lattice-based multi-signature scheme DualMS, making our construction the first post-quantum secure multi-signature for ad-hoc privacy-preserving group signing. The light overhead incurred by the modifications in our DualMS variant still allows us to benefit from the competitiveness of the original scheme.
BibTeX
@inproceedings{pkc-2025-35187,
  title={Privacy-Preserving Multi-Signatures: Generic Techniques and Constructions Without Pairings},
  publisher={Springer-Verlag},
  author={Calvin Abou Haidar and Dipayan Das and Anja Lehmann and Cavit Özbay and Octavio Perez Kempner},
  year=2025
}