This library contains several Rust implementations of multi-signature Schnorr schemes. Generally speaking, these schemes can be classified into:
- {n,n}-multi-signature schemes. These schemes require that all parties engage in cooperation to issue the signature.
- {t,n}-threshold-signature schemes (TSS). These schemes require that any subset of at least t+1 parties engage in cooperation to issue a valid signature.
This repo implements different Schnorr multi-signature schemes. There are tradeoffs between these schemes with respect to type, performance, communication rounds and security assumptions. We use the abbreviations DLP, ROM and AGM for, respectively, the discrete log problem, the random oracle model and the algebraic group model.
Protocol | Type | Rounds | Assumptions | Comments |
---|---|---|---|---|
Boneh, et al. (MuSig) [2] (section 5) | {n,n} | 3 | DLP, ROM | fixes the security proof of [1] |
Nick, et al. (MuSig2) [3] | {n,n} | 2 | DLP, ROM, AGM | improvement on [2] |
Micali, et al. [4] | {n,n} | 3 | DLP, ROM | |
Stinson-Strobl [5] | {t,n} | 3 | DLP, ROM | See (*) |
(*) For a more efficient implementation, we used the DKG from Fast Multiparty Threshold ECDSA with Fast Trustless Setup. The cost is robustness: if there is a malicious party among the n parties in the DKG, the protocol stops, and if there is a malicious party among the t parties used for signing, the signing protocol stops.
Disclaimers:
(1) This code should not be used for production at the moment.
(2) This code is not secure against side-channel attacks.
(3) The code does not contain a network layer (if you are interested, check white-city for the ongoing effort; contributions are welcome).
Feel free to reach out or join the ZenGo X Telegram for discussions on code and research.
The library is released under the terms of the GPL-3.0 license. See LICENSE for more information.