{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,11]],"date-time":"2026-07-11T17:31:55Z","timestamp":1783791115841,"version":"3.55.0"},"publisher-location":"New York, NY, USA","reference-count":41,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:00:00Z","timestamp":1667779200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["393541319\/GRK2475\/1-2019 and 442893093"],"award-info":[{"award-number":["393541319\/GRK2475\/1-2019 and 442893093"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]},{"name":"State of Bavaria","award":["Nuremberg Technology Campus"],"award-info":[{"award-number":["Nuremberg Technology Campus"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,7]]},"DOI":"10.1145\/3548606.3560583","type":"proceedings-article","created":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T11:41:28Z","timestamp":1667821288000},"page":"2551-2564","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":52,"title":["ROAST: Robust Asynchronous Schnorr Threshold Signatures"],"prefix":"10.1145","author":[{"given":"Tim","family":"Ruffing","sequence":"first","affiliation":[{"name":"Blockstream, Victoria, BC, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Viktoria","family":"Ronge","sequence":"additional","affiliation":[{"name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg, N\u00fcrnberg, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Elliott","family":"Jin","sequence":"additional","affiliation":[{"name":"Blockstream, Victoria, BC, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jonas","family":"Schneider-Bensch","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Dominique","family":"Schr\u00f6der","sequence":"additional","affiliation":[{"name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg, N\u00fcrnberg, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2022,11,7]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833559"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-84242-0_7"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455827"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-15985-5_18"},{"key":"e_1_3_2_2_5_1","volume-title":"ACM CCS 2006. (2006","author":"Bellare Mihir","year":"2006","unstructured":"Mihir Bellare and Gregory Neven . 2006 . Multi-signatures in the plain publickey model and a general forking lemma . In ACM CCS 2006. (2006 ). doi: 10.114 5\/1180405.1180453. Mihir Bellare and Gregory Neven. 2006. Multi-signatures in the plain publickey model and a general forking lemma. In ACM CCS 2006. (2006). doi: 10.114 5\/1180405.1180453."},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-012-0027-1"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-03329-3_15"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423367"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/167088.167105"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-45388-6_10"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-59013-0_32"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-57990-6_19"},{"key":"e_1_3_2_2_15_1","volume-title":"2019 IEEE Symposium on Security and Privacy.","author":"Doerner Jack","year":"2019","unstructured":"Jack Doerner , Yashvanth Kondi , Eysa Lee , and abhi shelat. 2019. Threshold ECDSA from ECDSA assumptions: the multiparty case . In 2019 IEEE Symposium on Security and Privacy. ( 2019 ). doi: 10.1109\/SP.2019.00024. 10.1109\/SP.2019.00024 Jack Doerner, Yashvanth Kondi, Eysa Lee, and abhi shelat. 2019. Threshold ECDSA from ECDSA assumptions: the multiparty case. In 2019 IEEE Symposium on Security and Privacy. (2019). doi: 10.1109\/SP.2019.00024."},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00050"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49384-7_12"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243859"},{"key":"e_1_3_2_2_21_1","volume-title":"ACNS 16.","author":"Gennaro Rosario","year":"2016","unstructured":"Rosario Gennaro , Steven Goldfeder , and Arvind Narayanan . 2016. Thresholdoptimal DSA\/ECDSA signatures and an application to bitcoin wallet security. In ACNS 16. ( 2016 ). doi: 10.1007\/978--3--319--39555--5_9. 10.1007\/978--3--319--39555--5_9 Rosario Gennaro, Steven Goldfeder, and Arvind Narayanan. 2016. Thresholdoptimal DSA\/ECDSA signatures and an application to bitcoin wallet security. In ACNS 16. (2016). doi: 10.1007\/978--3--319--39555--5_9."},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48910-X_21"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-006-0347-3"},{"key":"e_1_3_2_2_26_1","volume-title":"Zcash protocol specification, version","author":"Hopwood Daira","year":"2022","unstructured":"Daira Hopwood , Sean Bowe , Taylor Hornby , and Nathan Wilcox . 2022. Zcash protocol specification, version 2022 .3.8 [NU5]. https:\/\/zips.z.cash\/protocol\/prot Daira Hopwood, Sean Bowe, Taylor Hornby, and Nathan Wilcox. 2022. Zcash protocol specification, version 2022.3.8 [NU5]. https:\/\/zips.z.cash\/protocol\/prot"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44381-1_21"},{"key":"e_1_3_2_2_28_1","volume-title":"ICISC","author":"Joshi Snehil","year":"2021","unstructured":"Snehil Joshi , Durgesh Pandey , and Kannan Srinathan . 2021 . ATSSIA: Asynchronous truly-threshold Schnorr signing for inconsistent availability . In ICISC 2021. doi: 10.1007\/978--3-031-08896--4_4. 10.1007\/978--3-031-08896--4_4 Snehil Joshi, Durgesh Pandey, and Kannan Srinathan. 2021. ATSSIA: Asynchronous truly-threshold Schnorr signing for inconsistent availability. In ICISC 2021. doi: 10.1007\/978--3-031-08896--4_4."},{"key":"e_1_3_2_2_29_1","volume-title":"FROST: Flexible round-optimized Schnorr threshold signatures. In.","author":"Komlo Chelsea","year":"2020","unstructured":"Chelsea Komlo and Ian Goldberg . 2020 . FROST: Flexible round-optimized Schnorr threshold signatures. In. Chelsea Komlo and Ian Goldberg. 2020. FROST: Flexible round-optimized Schnorr threshold signatures. In."},{"key":"e_1_3_2_2_30_1","volume-title":"fastecdsa Python libary","author":"Anton Kueltz","year":"2016","unstructured":"[SW] Anton Kueltz et al. , fastecdsa Python libary . 2016 . url: https:\/\/github.c om\/AntonKueltz\/fastecdsa. [SW] Anton Kueltz et al., fastecdsa Python libary. 2016. url: https:\/\/github.c om\/AntonKueltz\/fastecdsa."},{"key":"e_1_3_2_2_31_1","volume-title":"RSK: Bitcoin powered smart contracts. Revision 11. https:\/\/www.rsk.co\/Whitepapers\/RSK-White-Paper-Updated.pdf.","author":"Lerner Sergio Demian","year":"2019","unstructured":"Sergio Demian Lerner . 2019 . RSK: Bitcoin powered smart contracts. Revision 11. https:\/\/www.rsk.co\/Whitepapers\/RSK-White-Paper-Updated.pdf. Sergio Demian Lerner. 2019. RSK: Bitcoin powered smart contracts. Revision 11. https:\/\/www.rsk.co\/Whitepapers\/RSK-White-Paper-Updated.pdf."},{"key":"e_1_3_2_2_32_1","unstructured":"Sergio Demian Lerner. [n. d.] The cutting edge of sidechains: Liquid and RSK. https:\/\/blog.rsk.co\/noticia\/the-cutting-edge-of-sidechains-liquid-and-rsk\/.  Sergio Demian Lerner. [n. d.] The cutting edge of sidechains: Liquid and RSK. https:\/\/blog.rsk.co\/noticia\/the-cutting-edge-of-sidechains-liquid-and-rsk\/."},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243788"},{"key":"e_1_3_2_2_35_1","unstructured":"Eric Lombrozo Johnson Lau and Pieter Wuille. 2015. Segregated witness (consensus layer). Bitcoin Improvement Proposal 141. See https:\/\/github.com\/bitco in\/bips\/blob\/master\/bip-0141.mediawiki. (2015).  Eric Lombrozo Johnson Lau and Pieter Wuille. 2015. Segregated witness (consensus layer). Bitcoin Improvement Proposal 141. See https:\/\/github.com\/bitco in\/bips\/blob\/master\/bip-0141.mediawiki. (2015)."},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10623-019-00608-x"},{"key":"e_1_3_2_2_37_1","volume-title":"Liquid: A Bitcoin Sidechain. Tech. rep. https:\/\/blockstream.com\/assets\/downloads\/pdf\/liquid-w hitepaper.pdf.","author":"Nick Jonas","year":"2020","unstructured":"Jonas Nick , Andrew Poelstra , and Gregory Sanders . 2020 . Liquid: A Bitcoin Sidechain. Tech. rep. https:\/\/blockstream.com\/assets\/downloads\/pdf\/liquid-w hitepaper.pdf. Jonas Nick, Andrew Poelstra, and Gregory Sanders. 2020. Liquid: A Bitcoin Sidechain. Tech. rep. https:\/\/blockstream.com\/assets\/downloads\/pdf\/liquid-w hitepaper.pdf."},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-84242-0_8"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417236"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-46766-1_9"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-92548-2_7"},{"key":"e_1_3_2_2_42_1","volume-title":"ROAST prototype implementation and raw benchmark data provided along with this work. Version 429e693b79c9ff1b63b1015317bcd0bc41a77ccc","author":"Rel SW","year":"2022","unstructured":"[ SW Rel .] , ROAST prototype implementation and raw benchmark data provided along with this work. Version 429e693b79c9ff1b63b1015317bcd0bc41a77ccc , 2022 . url: https:\/\/github.com\/robot-dreams\/roast. [SW Rel.], ROAST prototype implementation and raw benchmark data provided along with this work. Version 429e693b79c9ff1b63b1015317bcd0bc41a77ccc, 2022. url: https:\/\/github.com\/robot-dreams\/roast."},{"key":"e_1_3_2_2_43_1","volume-title":"ROAST: Robust asynchronous Schnorr threshold signatures. Cryptology ePrint Archive, Report 2022\/550. https:\/\/eprint.iacr.org\/2022\/550.","author":"Ruffing Tim","year":"2022","unstructured":"Tim Ruffing , Viktoria Ronge , Elliott Jin , Jonas Schneider-Bensch , and Dominique Schr\u00f6der . 2022 . ROAST: Robust asynchronous Schnorr threshold signatures. Cryptology ePrint Archive, Report 2022\/550. https:\/\/eprint.iacr.org\/2022\/550. Tim Ruffing, Viktoria Ronge, Elliott Jin, Jonas Schneider-Bensch, and Dominique Schr\u00f6der. 2022. ROAST: Robust asynchronous Schnorr threshold signatures. Cryptology ePrint Archive, Report 2022\/550. https:\/\/eprint.iacr.org\/2022\/550."},{"key":"e_1_3_2_2_44_1","unstructured":"Eric Sirion. 2021. FediMint: Federated e-cash on Bitcoin. https:\/\/fedimint.org.  Eric Sirion. 2021. FediMint: Federated e-cash on Bitcoin. https:\/\/fedimint.org."},{"key":"e_1_3_2_2_45_1","volume-title":"Stinson and Reto Strobl","author":"Douglas","year":"2001","unstructured":"Douglas R. Stinson and Reto Strobl . 2001 . Provably secure distributed Schnorr signatures and a (t,n) threshold scheme for implicit certificates. In ACISP 01. (2001). doi: 10.1007\/3--540--47719--5_33. 10.1007\/3--540--47719--5_33 Douglas R. Stinson and Reto Strobl. 2001. Provably secure distributed Schnorr signatures and a (t,n) threshold scheme for implicit certificates. In ACISP 01. (2001). doi: 10.1007\/3--540--47719--5_33."},{"key":"e_1_3_2_2_46_1","volume-title":"libsecp256k1 C library","author":"Pieter Wuille","year":"2013","unstructured":"[SW] Pieter Wuille et al. , libsecp256k1 C library . 2013 . url: https:\/\/github.co m\/bitcoin-core\/secp256k1. [SW] Pieter Wuille et al., libsecp256k1 C library. 2013. url: https:\/\/github.co m\/bitcoin-core\/secp256k1."},{"key":"e_1_3_2_2_47_1","unstructured":"Pieter Wuille Jonas Nick and Tim Ruffing. 2020. Schnorr signatures for secp256k1. Bitcoin Improvement Proposal 340. https:\/\/github.com\/bitcoin\/bips\/blob\/mast er\/bip-0340.mediawiki. (2020).  Pieter Wuille Jonas Nick and Tim Ruffing. 2020. Schnorr signatures for secp256k1. Bitcoin Improvement Proposal 340. https:\/\/github.com\/bitcoin\/bips\/blob\/mast er\/bip-0340.mediawiki. (2020)."},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-75245-3_18"}],"event":{"name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","location":"Los Angeles CA USA","acronym":"CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560583","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548606.3560583","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:50:57Z","timestamp":1750182657000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560583"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":41,"alternative-id":["10.1145\/3548606.3560583","10.1145\/3548606"],"URL":"https:\/\/doi.org\/10.1145\/3548606.3560583","relation":{},"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}