Bachelor / Master Thesis

Exploring threshold signature schemes

Public-key cryptography works with a public-secret key pair (PK, SK). When it comes to signature schemes, a party that knows SK can sign a message and any party that knows PK can then verify the signature. In threshold cryptography, the secret key SK does not exist in a single place but is distributed over multiple parties. Every party only possesses a key share, which is a piece of the secret key, as resulting from a secret-sharing algorithm [1]. Hence, a threshold signature scheme allows the parties to produce signature shares, and a party that receives enough such shares can combine them to obtain a standard signature.

Many threshold signature schemes have been proposed in the literature. Some consist of a single round (also called non-interactive); here a party only has to create a signature share and any party can then combine the shares into a single signature. An example is BLS scheme [2]. Other schemes are interactive; parties engage in a two- or three-round protocol in order to produce the final signature. A recent scheme of this kind is FROST [3]. Threshold signature schemes also differ in other dimensions, such as the type of mathematical primitives used.

This project aims at comparing the efficiency of different threshold signature schemes. The comparison should use an experimental approach. Implementations of the schemes, as available in public repositories or developed by the CRYPTO lab, will be considered.


[1] How to Share a Secret

[2] Short Signatures from the Weil Pairing

[3] FROST: Flexible Round-Optimized Schnorr Threshold Signatures

Contact Orestis Alpos or Mariarosaria Barbaraci for more information.

Nature of the project: Theory 30%, Systems 70%.