Two-Round Threshold Signatures with FROST
draft-irtf-cfrg-frost-01
Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Active".
Expired & archived
|
|
---|---|---|---|
Authors | Chelsea Komlo , Ian Goldberg , T Wilson-Brown | ||
Last updated | 2022-02-12 (Latest revision 2021-08-11) | ||
RFC stream | Internet Research Task Force (IRTF) | ||
Formats | |||
IETF conflict review | conflict-review-irtf-cfrg-frost, conflict-review-irtf-cfrg-frost, conflict-review-irtf-cfrg-frost, conflict-review-irtf-cfrg-frost, conflict-review-irtf-cfrg-frost, conflict-review-irtf-cfrg-frost, conflict-review-irtf-cfrg-frost | ||
Additional resources | Mailing list discussion | ||
Stream | IRTF state | Active RG Document | |
Consensus boilerplate | Unknown | ||
Document shepherd | (None) | ||
IESG | IESG state | Expired | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
In this draft, we present a two-round signing variant of FROST, a Flexible Round-Optimized Schnorr Threshold signature scheme. FROST signatures can be issued after a threshold number of entities cooperate to issue a signature, allowing for improved distribution of trust and redundancy with respect to a secret key. Further, this draft specifies signatures that are compatible with EdDSA verification of signatures. However, this draft does not generate deterministic nonces as defined by EdDSA, to ensure protection against a key-recovery attack that is possible when even only one participant is malicious.
Authors
Chelsea Komlo
Ian Goldberg
T Wilson-Brown
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)