{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T19:51:01Z","timestamp":1774381861754,"version":"3.50.1"},"publisher-location":"Cham","reference-count":29,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030816513","type":"print"},{"value":"9783030816520","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-81652-0_2","type":"book-chapter","created":{"date-parts":[[2021,7,20]],"date-time":"2021-07-20T06:26:19Z","timestamp":1626762379000},"page":"34-65","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":131,"title":["FROST: Flexible Round-Optimized Schnorr Threshold Signatures"],"prefix":"10.1007","author":[{"given":"Chelsea","family":"Komlo","sequence":"first","affiliation":[]},{"given":"Ian","family":"Goldberg","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,7,21]]},"reference":[{"key":"2_CR1","doi-asserted-by":"crossref","unstructured":"Abidin, A., Aly, A., Mustafa, M.A.: Collaborative authentication using threshold cryptography. In: Emerging Technologies for Authorization and Authentication, pp. 122\u2013137 (2020)","DOI":"10.1007\/978-3-030-39749-4_8"},{"key":"2_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/3-540-36288-6_7","volume-title":"Public Key Cryptography \u2014 PKC 2003","author":"M Bellare","year":"2003","unstructured":"Bellare, M., Boldyreva, A., Staddon, J.: Randomness re-use in multi-recipient encryption schemeas. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 85\u201399. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36288-6_7"},{"key":"2_CR3","doi-asserted-by":"publisher","unstructured":"Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, pp. 390\u2013399 (2006). https:\/\/doi.org\/10.1145\/1180405.1180453","DOI":"10.1145\/1180405.1180453"},{"key":"2_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/0-387-34799-2_3","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 88","author":"J Benaloh","year":"1990","unstructured":"Benaloh, J., Leichter, J.: Generalized secret sharing and monotone functions. In: Goldwasser, S. (ed.) Generalized Secret Sharing and Monotone Functions. LNCS, vol. 403, pp. 27\u201335. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34799-2_3"},{"key":"2_CR5","unstructured":"Benhamouda, F., Lepoint, T., Orr\u00f9, M., Raykova, M.: On the (in)security of ROS. Technical report 2020\/945, IACR ePrint (2020). https:\/\/eprint.iacr.org\/2020\/945"},{"key":"2_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"435","DOI":"10.1007\/978-3-030-03329-3_15","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"D Boneh","year":"2018","unstructured":"Boneh, D., Drijvers, M., Neven, G.: Compact multi-signatures for smaller blockchains. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 435\u2013464. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03329-3_15"},{"issue":"4","key":"2_CR7","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1007\/s00145-004-0314-9","volume":"17","author":"D Boneh","year":"2004","unstructured":"Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. J. Cryptol. 17(4), 297\u2013319 (2004). https:\/\/doi.org\/10.1007\/s00145-004-0314-9","journal-title":"J. Cryptol."},{"key":"2_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"342","DOI":"10.1007\/978-3-540-30576-7_19","volume-title":"Theory of Cryptography","author":"R Cramer","year":"2005","unstructured":"Cramer, R., Damg\u00e5rd, I., Ishai, Y.: Share conversion, pseudorandom secret-sharing and applications to secure computation. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 342\u2013362. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/978-3-540-30576-7_19"},{"key":"2_CR9","unstructured":"Damg\u00e5rd, I., Jakobsen, T.P., Nielsen, J.B., Pagter, J.I., \u00d8sterg\u00e5rd, M.B.: Fast threshold ECDSA with honest majority. Technical report 2020\/501, IACR ePrint (2020). https:\/\/eprint.iacr.org\/2020\/501"},{"key":"2_CR10","doi-asserted-by":"crossref","unstructured":"Drijvers, M., et al.: On the security of two-round multi-signatures. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 1084\u20131101 (2019)","DOI":"10.1109\/SP.2019.00050"},{"key":"2_CR11","doi-asserted-by":"publisher","unstructured":"Feldman, P.: A practical scheme for non-interactive verifiable secret sharing. In: Proceedings of the 28th Annual Symposium on Foundations of Computer Science, SFCS 1987, pp. 427\u2013438 (1987). https:\/\/doi.org\/10.1109\/SFCS.1987.4","DOI":"10.1109\/SFCS.1987.4"},{"key":"2_CR12","doi-asserted-by":"publisher","unstructured":"Gennaro, R., Goldfeder, S.: Fast multiparty threshold ECDSA with fast trustless setup. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, pp. 1179\u20131194 (2018). https:\/\/doi.org\/10.1145\/3243734.3243859","DOI":"10.1145\/3243734.3243859"},{"key":"2_CR13","unstructured":"Gennaro, R., Goldfeder, S.: One round threshold ECDSA with identifiable abort. Technical report 2020\/540, IACR ePrint (2020). https:\/\/eprint.iacr.org\/2020\/540"},{"key":"2_CR14","doi-asserted-by":"crossref","unstructured":"Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure applications of Pedersen\u2019s distributed key generation protocol. In: Topics in Cryptology \u2013 CT-RSA 2003, pp. 373\u2013390 (2003)","DOI":"10.1007\/3-540-36563-X_26"},{"key":"2_CR15","doi-asserted-by":"publisher","unstructured":"Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. J. Cryptol. 20(1), 51\u201383 (2006). https:\/\/doi.org\/10.1007\/s00145-006-0347-3","DOI":"10.1007\/s00145-006-0347-3"},{"key":"2_CR16","unstructured":"Goldfeder, S., et al.: Securing Bitcoin wallets via a new DSA\/ECDSA threshold signature scheme (2015). http:\/\/stevengoldfeder.com\/papers\/threshold_sigs.pdf. Accessed Dec 2019"},{"key":"2_CR17","doi-asserted-by":"crossref","unstructured":"Josefsson, S., Liusvaara, I.: Edwards-Curve Digital Signature Algorithm (EdDSA), January 2017. https:\/\/tools.ietf.org\/html\/rfc8032","DOI":"10.17487\/RFC8032"},{"key":"2_CR18","unstructured":"KZen Networks: Multi Party Schnorr Signatures (2019). https:\/\/github.com\/KZen-networks\/multi-party-schnorr. Accessed Jan 2020"},{"key":"2_CR19","unstructured":"Lovecruft, I., de Valence, H.: The Ristretto Group (2020). https:\/\/doc.dalek.rs\/curve25519_dalek\/"},{"key":"2_CR20","unstructured":"Lueks, W.: Security and Privacy via Cryptography \u2013 Having your cake and eating it too (2017). https:\/\/wouterlueks.nl\/assets\/docs\/thesis_lueks_def.pdf"},{"key":"2_CR21","doi-asserted-by":"publisher","unstructured":"Maxwell, G., Poelstra, A., Seurin, Y., Wuille, P.: Simple Schnorr multi-signatures with applications to Bitcoin. Des. Codes Cryptogr. 87(9), 2139\u20132164 (2019). https:\/\/doi.org\/10.1007\/s10623-019-00608-x","DOI":"10.1007\/s10623-019-00608-x"},{"key":"2_CR22","unstructured":"Mittal, P., Olumofin, F., Troncoso, C., Borisov, N., Goldberg, I.: PIR-Tor: scalable anonymous communication using private information retrieval. In: 20th USENIX Security Symposium, SEC 2011 (2011). http:\/\/dl.acm.org\/citation.cfm?id=2028067.2028098"},{"key":"2_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"522","DOI":"10.1007\/3-540-46416-6_47","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201991","author":"TP Pedersen","year":"1991","unstructured":"Pedersen, T.P.: A threshold cryptosystem without a trusted party. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522\u2013526. Springer, Heidelberg (1991). https:\/\/doi.org\/10.1007\/3-540-46416-6_47"},{"key":"2_CR24","doi-asserted-by":"publisher","unstructured":"Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361\u2013396 (2000). https:\/\/doi.org\/10.1007\/s001450010003","DOI":"10.1007\/s001450010003"},{"key":"2_CR25","doi-asserted-by":"crossref","unstructured":"Schnorr, C.: Security of blind discrete log signatures against interactive attacks. In: ICICS (2001)","DOI":"10.1007\/3-540-45600-7_1"},{"key":"2_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/0-387-34805-0_22","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings","author":"CP Schnorr","year":"1990","unstructured":"Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239\u2013252. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_22"},{"key":"2_CR27","doi-asserted-by":"crossref","unstructured":"Shamir, A.: How to share a secret. Commun. ACM 22, 612\u2013613 (1979)","DOI":"10.1145\/359168.359176"},{"key":"2_CR28","doi-asserted-by":"crossref","unstructured":"Stinson, D.R., Strobl, R.: Provably secure distributed Schnorr signatures and a $$(t, n)$$ threshold scheme for implicit certificates. In: Proceedings of the 6th Australasian Conference on Information Security and Privacy, ACISP 2001, pp. 417\u2013434 (2001). http:\/\/dl.acm.org\/citation.cfm?id=646038.678297","DOI":"10.1007\/3-540-47719-5_33"},{"key":"2_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"288","DOI":"10.1007\/3-540-45708-9_19","volume-title":"Advances in Cryptology \u2014 CRYPTO 2002","author":"D Wagner","year":"2002","unstructured":"Wagner, D.: A generalized birthday problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288\u2013304. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45708-9_19"}],"container-title":["Lecture Notes in Computer Science","Selected Areas in Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-81652-0_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,19]],"date-time":"2025-07-19T22:02:26Z","timestamp":1752962546000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-81652-0_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030816513","9783030816520"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-81652-0_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"21 July 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SAC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Selected Areas in Cryptography","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 October 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 October 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sacrypt2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sac2020.ca\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"iChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"52","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"52% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3-5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6-8","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}