International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

One-More Unforgeability for Multi- and Threshold Signatures

Authors:
Sela Navot , University of Washington
Stefano Tessaro , University of Washington
Download:
Search ePrint
Search Google
Presentation: Slides
Conference: ASIACRYPT 2024
Abstract: This paper initiates the study of one-more unforgeability for multi-signatures and threshold signatures as a stronger security goal, ensuring that $\ell$ executions of a signing protocol cannot result in more than $\ell$ signatures. This notion is widely used in the context of blind signatures, but we argue that it is a convenient way to model strong unforgeability for other types of distributed signing protocols. We provide formal security definitions for one-more unforgeability (OMUF) and show that the HBMS multi-signature scheme does not satisfy this definition, whereas MuSig and MuSig2 do. In the full version of this paper, we also show that mBCJ does not satisfy OMUF, as well as expose a subtle issue with its existential unforgeability. For threshold signatures, FROST satisfies OMUF, but ROAST does not.
BibTeX
@inproceedings{asiacrypt-2024-34648,
  title={One-More Unforgeability for Multi- and Threshold Signatures},
  publisher={Springer-Verlag},
  author={Sela Navot and Stefano Tessaro},
  year=2024
}