{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,8]],"date-time":"2026-05-08T04:53:12Z","timestamp":1778215992853,"version":"3.51.4"},"reference-count":47,"publisher":"Springer Science and Business Media LLC","issue":"9","license":[{"start":{"date-parts":[[2019,2,2]],"date-time":"2019-02-02T00:00:00Z","timestamp":1549065600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Des. Codes Cryptogr."],"published-print":{"date-parts":[[2019,9]]},"DOI":"10.1007\/s10623-019-00608-x","type":"journal-article","created":{"date-parts":[[2019,2,1]],"date-time":"2019-02-01T21:16:18Z","timestamp":1549055778000},"page":"2139-2164","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":223,"title":["Simple Schnorr multi-signatures with applications to Bitcoin"],"prefix":"10.1007","volume":"87","author":[{"given":"Gregory","family":"Maxwell","sequence":"first","affiliation":[]},{"given":"Andrew","family":"Poelstra","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2948-9423","authenticated-orcid":false,"given":"Yannick","family":"Seurin","sequence":"additional","affiliation":[]},{"given":"Pieter","family":"Wuille","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,2,2]]},"reference":[{"key":"608_CR1","unstructured":"Accredited Standards Committee X9. American National Standard X9.62-2005, Public Key Cryptography for the Financial Services Industry, The Elliptic Curve Digital Signature Algorithm (ECDSA) (2005)."},{"key":"608_CR2","unstructured":"Andresen G.: M-of-N standard transactions. Bitcoin Improvement Proposal. \n https:\/\/github.com\/bitcoin\/bips\/blob\/master\/bip-0011.mediawiki\n \n (2011)."},{"key":"608_CR3","unstructured":"Bagherzandi A., Cheon J.H., Stanislaw J.: Multisignatures secure under the discrete logarithm assumption and a generalized forking lemma. In: Ning, P., Syverson, P.F., Jha, S. (eds.) ACM Conference on Computer and Communications Security-CCS 2008, pp. 449\u2013458. ACM (2008)."},{"key":"608_CR4","unstructured":"Bernstein D.J.: Multi-user Schnorr security, revisited. IACR Cryptology ePrint Archive, Report 2015\/996 (2015). \n http:\/\/eprint.iacr.org\/2015\/996\n \n ."},{"key":"608_CR5","unstructured":"Bernstein D.J., Duif N., Lange T., Schwabe P., Yang B.-Y.: High-speed high-security signatures. In: Preneel, B., Takagi, T. (eds.) Cryptographic Hardware and Embedded Systems-CHES 2011, LNCS, vol. 6917, pp. 124\u2013142. Springer, Berlin (2011)."},{"key":"608_CR6","unstructured":"Boneh D., Gentry C., Lynn B., Shacham H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) Advances in Cryptology-EUROCRYPT 2003, LNCS, vol. 2656, pp. 416\u2013432. Springer, Berlin (2003)."},{"issue":"4","key":"608_CR7","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1007\/s00145-004-0314-9","volume":"17","author":"D Boneh","year":"2004","unstructured":"Boneh D., Lynn B., Shacham H.: Short signatures from the Weil pairing. J. Cryptol. 17(4), 297\u2013319 (2004).","journal-title":"J. Cryptol."},{"key":"608_CR8","unstructured":"Boneh D., Drijvers M., Neven G.: Compact multi-signatures for smaller blockchains. In: Peyrin, T., Galbraith, S.D. (eds.) Advances in Cryptology-ASIACRYPT 2018 (Proceedings, Part II), LNCS, vol. 11273, pp. 435\u2013464. Springer, Berlin (2018)."},{"key":"608_CR9","unstructured":"Bellare M., Neven G.: Multi-signatures in the plain public-key model and a general forking lemma. In: Juels, A., Wright, R.N., De\u00a0Capitani di\u00a0Vimercati, S. (eds.) ACM Conference on Computer and Communications Security-CCS 2006, pp. 390\u2013399. ACM (2006)."},{"key":"608_CR10","unstructured":"Bellare M., Palacio A.: GQ and Schnorr identification schemes: proofs of security against impersonation under active and concurrent attacks. In: Yung, M. (ed.) Advances in Cryptology-CRYPTO 2002, LNCS, vol. 2442, pp. 162\u2013177. Springer, Berlin (2002)."},{"issue":"3","key":"608_CR11","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/s00145-002-0120-1","volume":"16","author":"M Bellare","year":"2003","unstructured":"Bellare M., Namprempre C., Pointcheval D., Semanko M.: The one-more-RSA-inversion problems and the security of Chaum\u2019s blind signature scheme. J. Cryptol. 16(3), 185\u2013215 (2003).","journal-title":"J. Cryptol."},{"key":"608_CR12","unstructured":"Bellare M., Namprempre C., Neven G.: Unrestricted aggregate signatures. In: Arge, L., Cachin, C., Jurdzinski, T., Tarlecki, A. (eds.) Automata, Languages and Programming-ICALP 2007, LNCS, vol. 4596, pp. 411\u2013422. Springer, Berlin (2007)."},{"key":"608_CR13","unstructured":"Boldyreva A.: Threshold signatures, multisignatures and blind signatures based on the Gap-Diffie-Hellman-Group Signature Scheme. In: Desmedt, Y. (ed.) Public Key Cryptography-PKC 2003, LNCS, vol. 2567, pp. 31\u201346. Springer, Berlin (2003)."},{"key":"608_CR14","unstructured":"Certicom Research: SEC 2: recommended elliptic curve domain parameters, v2.0 (2010). \n http:\/\/www.secg.org\/sec2-v2.pdf\n \n ."},{"key":"608_CR15","unstructured":"Drijvers M., Edalatnejad K., Ford B., Neven G.: On the provable security of two-round multi-signatures. IACR Cryptology ePrint Archive, Report 2018\/417 (2018). \n http:\/\/eprint.iacr.org\/2018\/417\n \n ."},{"key":"608_CR16","unstructured":"El Bansarkhani R., Jan S.: An efficient lattice-based multisignature scheme with applications to bitcoins. In: Foresti, S., Persiano, G. (eds.) Cryptology and Network Security-CANS 2016, LNCS, vol. 10052, pp. 140\u2013155. Springer, Berlin (2016)."},{"key":"608_CR17","unstructured":"Garg S., Bhaskar R., Lokam S.V.: Improved bounds on security reductions for discrete log based signatures. In: Wagner, D. (ed.) Advances in Cryptology-CRYPTO 2008, LNCS, vol. 5157, pp. 93\u2013107. Springer, Berlin (2008)."},{"key":"608_CR18","unstructured":"Gennaro R., Goldfeder S., Narayanan A.: Threshold-optimal DSA\/ECDSA signatures and an application to bitcoin wallet security. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) Applied Cryptography and Network Security-ACNS 2016, LNCS, vol. 9696, pp. 156\u2013174. Springer, Berlin (2016)."},{"key":"608_CR19","unstructured":"Goldfeder S., Bonneau J., Gennaro R., Narayanan A.: Escrow protocols for cryptocurrencies: how to buy physical goods using Bitcoin. In: Financial Cryptography and Data Security-FC 2017 (2017). \n http:\/\/www.jbonneau.com\/doc\/GBGN17-FC-physical_escrow.pdf\n \n ."},{"issue":"5","key":"608_CR20","doi-asserted-by":"publisher","first-page":"307","DOI":"10.1049\/ip-cdt:19941293","volume":"141","author":"L Harn","year":"1994","unstructured":"Harn L.: Group-oriented \n \n \n \n $$(t, n)$$\n \n \n \n (\n t\n ,\n n\n )\n \n \n \n threshold digital signature scheme and digital multisignature. IEE Proc. Comput. Digit. Tech. 141(5), 307\u2013313 (1994).","journal-title":"IEE Proc. Comput. Digit. Tech."},{"key":"608_CR21","unstructured":"Horster P., Michels M., Petersen H.: Meta-multisignature schemes based on the discrete logarithm problem. In: IFIP\/Sec \u201995, IFIP Advances in Information and Communication Technology, pp. 128\u2013142. Springer, Berlin (1995)."},{"key":"608_CR22","first-page":"1","volume":"71","author":"K Itakura","year":"1983","unstructured":"Itakura K., Nakamura K.: A public-key cryptosystem suitable for digital multisignatures. NEC Res. Dev. 71, 1\u20138 (1983).","journal-title":"NEC Res. Dev."},{"key":"608_CR23","unstructured":"Kiltz E., Masny D., Pan J.: Optimal security proofs for signatures from identification schemes. In: Robshaw, M., Katz, J. (eds.) Advances in Cryptology-CRYPTO 2016 (Proceedings, Part II), LNCS, vol. 9815, pp. 33\u201361. Springer, Berlin (2016)."},{"key":"608_CR24","unstructured":"Langford S.K.: Weakness in some threshold cryptosystems. In: Koblitz, N. (ed.) Advances in Cryptology-CRYPTO \u201996, LNCS, vol. 1109, pp. 74\u201382. Springer, Berlin (1996)."},{"key":"608_CR25","unstructured":"Li C.-M., Hwang T., Lee N.-Y.: Threshold-multisignature schemes where suspected forgery implies traceability of adversarial shareholders. In: De Santis, A. (ed.), Advances in Cryptology - EUROCRYPT \u201994, LNCS, vol. 950, pp. 194\u2013204. Springer, Berlin (1994)."},{"key":"608_CR26","unstructured":"Lindell Y.: Fast secure two-party ECDSA signing. In: Katz, J., Shacham, H. (eds.) Advances in Cryptology-CRYPTO 2017 (Proceedings, Part II), LNCS, vol. 10402, pp. 613\u2013644. Springer, Berlin (2017)."},{"key":"608_CR27","unstructured":"Lu S., Ostrovsky R., Sahai A., Shacham H., Waters B.: Sequential aggregate signatures and multisignatures without random oracles. In: Vaudenay, S. (ed.) Advances in Cryptology-EUROCRYPT 2006, LNCS, vol. 4004, pp. 465\u2013485. Springer, Berlin (2006)."},{"key":"608_CR28","unstructured":"Lysyanskaya A., Micali S., Reyzin L., Shacham H.: Sequential aggregate signatures from trapdoor permutations. In: Cachin, C., Camenisch, J. (eds.) Advances in Cryptology - EUROCRYPT 2004, LNCS, vol. 3027, pp. 74\u201390. Springer, Berlin (2004)."},{"issue":"2","key":"608_CR29","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/s10623-009-9313-z","volume":"54","author":"C Ma","year":"2010","unstructured":"Ma C., Weng J., Li Y., Deng R.H.: Efficient discrete logarithm based multi-signature scheme in the plain public key model. Des. Codes Cryptogr. 54(2), 121\u2013133 (2010).","journal-title":"Des. Codes Cryptogr."},{"key":"608_CR30","unstructured":"MacKenzie P.D., Reiter M.K.: Two-party generation of DSA signatures. In: Kilian, J. (ed.), Advances in Cryptology-CRYPTO 2001, LNCS, vol. 2139, pp. 137\u2013154. Springer, Berlin (2001)."},{"key":"608_CR31","unstructured":"Maxwell G.: CoinJoin: Bitcoin privacy for the real world. (2013). BitcoinTalk post. \n https:\/\/bitcointalk.org\/index.php?topic=279249.0\n \n ."},{"key":"608_CR32","unstructured":"Merkle R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) Advances in Cryptology-CRYPTO \u201987, LNCS, vol. 293, pp. 369\u2013378. Springer, Berlin (1987)."},{"key":"608_CR33","unstructured":"Michels M., Horster P.: On the risk of disruption in several multiparty signature schemes. In: Kim, K., Matsumoto, T. (eds.) Advances in Cryptology-ASIACRYPT \u201996, LNCS, vol. 1163, pp. 334\u2013345. Springer, Berlin (1996)."},{"key":"608_CR34","unstructured":"Micali S., Ohta K., Reyzin L.: Accountable-subgroup multisignatures. In: Reiter, M.K., Samarati, P. (eds.) ACM Conference on Computer and Communications Security-CCS 2001, pp. 245\u2013254. ACM (2001)."},{"key":"608_CR35","unstructured":"Nakamoto S.: Bitcoin: a peer-to-peer electronic cash system (2008). \n http:\/\/bitcoin.org\/bitcoin.pdf\n \n ."},{"key":"608_CR36","unstructured":"National Institute of Standards and Technology. FIPS 186-4: digital signature standard (DSS) (2013). \n http:\/\/nvlpubs.nist.gov\/nistpubs\/FIPS\/NIST.FIPS.186-4.pdf\n \n ."},{"key":"608_CR37","unstructured":"Okamoto T.: Provably secure and practical identification schemes and corresponding signature schemes. In: Brickell, E.F. (ed.) Advances in Cryptology-CRYPTO\u201992, LNCS, vol. 740, pp. 31\u201353. Springer, Berlin (1992)."},{"key":"608_CR38","unstructured":"Ohta K., Okamoto T.: A digital multisignature scheme based on the Fiat-Shamir scheme. In: Imai, H., Rivest, R.\u00a0L., Matsumoto, T. (eds.) Advances in Cryptology-ASIACRYPT \u201991, LNCS, vol. 739, pp. 139\u2013148. Springer, Berlin (1991)."},{"issue":"1","key":"608_CR39","first-page":"21","volume":"E82\u2013A","author":"K Ohta","year":"1999","unstructured":"Ohta K., Okamoto T.: Multi-signature schemes secure against active insider attacks. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E82\u2013A(1), 21\u201331 (1999).","journal-title":"IEICE Trans. Fundam. Electron. Commun. Comput. Sci."},{"key":"608_CR40","unstructured":"Paillier P., Vergnaud D.: Discrete-log-based signatures may not be equivalent to discrete log. In: Roy, B.K. (ed.) Advances in Cryptology-ASIACRYPT 2005, LNCS, vol. 3788, pp. 1\u201320. Springer, Berlin (2005)."},{"issue":"3","key":"608_CR41","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/s001450010003","volume":"13","author":"D Pointcheval","year":"2000","unstructured":"Pointcheval D., Stern J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361\u2013396 (2000).","journal-title":"J. Cryptol."},{"key":"608_CR42","doi-asserted-by":"crossref","unstructured":"Pornin T.: Deterministic usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA). RFC 6979 (2013). \n https:\/\/rfc-editor.org\/rfc\/rfc6979.txt\n \n .","DOI":"10.17487\/rfc6979"},{"key":"608_CR43","unstructured":"Ristenpart T., Yilek S.: The power of proofs-of-possession: securing multiparty signatures against rogue-key attacks. In: Naor, M. (ed.) Advances in Cryptology-EUROCRYPT 2007, LNCS, vol. 4515, pp. 228\u2013245. Springer, Berlin (2007)."},{"issue":"3","key":"608_CR44","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/BF00196725","volume":"4","author":"C-P Schnorr","year":"1991","unstructured":"Schnorr C.-P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161\u2013174 (1991).","journal-title":"J. Cryptol."},{"key":"608_CR45","unstructured":"Seurin Y.: On the exact security of Schnorr-type signatures in the random oracle model. In: Pointcheval, D., Johansson, T. (eds.) Advances in Cryptology-EUROCRYPT 2012, LNCS, vol. 7237, pp. 554\u2013571. Springer, Berlin (2012)."},{"key":"608_CR46","unstructured":"Syta E., Tamas I., Visher D., Wolinsky D.I., Jovanovic P., Gasser L., Gailly N., Khoffi I., Ford B.: Keeping authorities \u201dHonest or Bust\u201d with decentralized witness cosigning. In: IEEE Symposium on Security and Privacy, SP 2016, pp. 526\u2013545. IEEE Computer Society (2016)."},{"key":"608_CR47","unstructured":"Wagner D.A.: A generalized birthday problem. In: Yung, M. (ed.) Advances in Cryptology-CRYPTO 2002, LNCS, vol. 2442, pp. 288\u2013303. Springer, Berlin (2002)."}],"container-title":["Designs, Codes and Cryptography"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10623-019-00608-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-019-00608-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-019-00608-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,2,1]],"date-time":"2020-02-01T19:07:03Z","timestamp":1580584023000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10623-019-00608-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,2,2]]},"references-count":47,"journal-issue":{"issue":"9","published-print":{"date-parts":[[2019,9]]}},"alternative-id":["608"],"URL":"https:\/\/doi.org\/10.1007\/s10623-019-00608-x","relation":{},"ISSN":["0925-1022","1573-7586"],"issn-type":[{"value":"0925-1022","type":"print"},{"value":"1573-7586","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,2,2]]},"assertion":[{"value":"31 May 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 January 2019","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"10 January 2019","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 February 2019","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}