Questions tagged [multi-signature]

A multi-signature is a signature made by multiple parties.

A multisignature (also spelled multi-signature) is a scheme where multiple participants collaborate to produce a joint signature of a single document. Making a valid signature requires all the co-signers' private keys.

13 questions
5
votes
0 answers

Why do we use Generalized Forking Lemma with several crucial points, while in the security proof we just rewind to a single point

Recently I have been reading this paper by Dan Boneh et al., where the authors are going to use a general form of forking lemma, to prove the security of their Schnorr multi-signature. As I understood, this general form of forking lemma is about…
A.Solei
  • 415
  • 2
  • 11
2
votes
0 answers

What is the difference between the [1] forking lemma (David Pointcheval) and the [2] general forking lemma (Mihir Bellare)?

My course teacher mentioned that the two forking lemmas have different prerequisites for use. The former article (Security Arguments for Digital Signatures and Blind Signature) is more limited, but I did not find it in the second article I read, and…
Kohsin Ko
  • 21
  • 1
2
votes
0 answers

Deriving multiple deterministic keys in a Schnorr Multisig setup

Let's say that Alice and Bob have generated truly random private keys $a$ and $b$ and want to use them in Schnorr signing. They calculate $X = g^a \cdot g^b$ as their mutual public key. For whatever reason, they want to derive several new key pairs…
2
votes
2 answers

Merge two multisignatures

I want to know if there is a multisignature scheme that allows the merging of two multisignatures for the same data but by two different sets of users, and without knowing the corresponding private keys. The goal is to obtain a single multisig that…
JacopoStanchi
  • 241
  • 1
  • 11
2
votes
1 answer

Before Bitcoin what was the motivation for researching key aggregation multisig and threshold schemes?

The motivation for key aggregation multisig and threshold schemes (e.g. MuSig(2), FROST etc) in Bitcoin is obvious. Signatures are a large part of every transaction, all the nodes on the network are attempting to verify every signature and…
1
vote
1 answer

Is BLS multi-signature aggregation separable?

In BLS multi-signature aggregation scheme we can combine different signatures of different peers into one single signature, and then we can verify whether the aggregated signature is truly signed by the claimed peers. My question is, having an…
Arian B
  • 65
  • 5
1
vote
0 answers

Looking for a partially blind multisignature scheme?

I am working on a project inspired by digital cash where we would like to use partially-blind signatures. This is so that the Bank signs a check with a hidden serial number (S), but a plainly visible denomination value (V). Because we may not wholly…
1
vote
0 answers

What signature schemes allow for a space efficient multisig? Any that also allow others to easily add to an existing signature?

For instance, Is there a scheme where 100 people could produce a signature that is only as long as one signature? Is there one like this that can be done where each person can merely modify an existing signature to add theirs to an existing group…
user40176
  • 165
  • 5
1
vote
0 answers

Proof in "New Multi-Signatures in the Plain Public-key Model and a General Forking lemma"

Reading here, I was confused in the proof of "A Multi-Signature Scheme based on Discrete Logarithms" proposed by authors. I felt strange to the technique (using array $T_0[]$, $T_1[]$, $T_2[]$ and state $alert$, $bad$), can someone give me a…
Laura
  • 377
  • 2
  • 11
1
vote
0 answers

Rogue key attack vs key cancellation attack

Are the rogue key attack and the key cancellation attack identical within digital multi signature? In both cases the attacker generates a valid signature instead of other cosigners, to my understanding.
0
votes
1 answer

Multi signature encryption (multiple people can decrypt)

I understand that multi sig transactions exist so that X of N need to sign to release a transaction. If only 1 of N is required I guess any of the recipients can spend. This made me wonder, is it possible to encrypt something, so that any one of a…
besch
0
votes
1 answer

Why can this adversary forge a BLS proof-of-possession signature?

This paper RY07, section 4.3, gives an example of how proofs-of-possession can fail to prevent rogue keys in the context of the BMS multi-signature scheme (based on BLS signatures). The attacker computes his rogue key as $D^* = \frac{g^{d'}}{D} =…
0
votes
0 answers

Decrypt aggregate signature scheme

I've learnt in the university course that using BLS, one can generate an aggregate signature using public keys of the given parties. We can then use a given party's public key to verify his participation in the aggregated signature. But... does BLS or…
mele
  • 1