{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T09:16:32Z","timestamp":1773479792332,"version":"3.50.1"},"reference-count":39,"publisher":"Walter de Gruyter GmbH","issue":"1","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,4,14]]},"abstract":"Abstract<\/jats:title>\n \n Threshold signatures enable any subgroup of predefined cardinality\n \n \n \n \n t<\/m:mi>\n <\/m:math>\n t<\/jats:tex-math>\n <\/jats:alternatives>\n <\/jats:inline-formula>\n out of a committee of\n \n \n \n \n n<\/m:mi>\n <\/m:math>\n n<\/jats:tex-math>\n <\/jats:alternatives>\n <\/jats:inline-formula>\n participants to generate a valid, aggregated signature. Although several\n \n \n \n \n \n (<\/m:mo>\n \n t<\/m:mi>\n ,<\/m:mo>\n n<\/m:mi>\n <\/m:mrow>\n )<\/m:mo>\n <\/m:mrow>\n <\/m:math>\n \\left(t,n)<\/jats:tex-math>\n <\/jats:alternatives>\n <\/jats:inline-formula>\n -threshold signature schemes exist, most of them assume that the threshold\n \n \n \n \n t<\/m:mi>\n <\/m:math>\n t<\/jats:tex-math>\n <\/jats:alternatives>\n <\/jats:inline-formula>\n and the set of participants do not change over time. Practical applications of threshold signatures might benefit from the possibility of updating the threshold or the committee of participants. Examples of such applications are consensus algorithms and blockchain wallets. In this article, we present Dynamic-FROST (D-FROST) that combines FROST, a Schnorr threshold signature scheme, with CHURP, a dynamic proactive secret sharing scheme. The resulting protocol is the first Schnorr threshold signature scheme that accommodates changes in both the committee and the threshold value without relying on a trusted third party. Besides detailing the protocol, we present a proof of its security: as the original signing scheme, D-FROST preserves the property of existential unforgeability under chosen-message attack.\n <\/jats:p>","DOI":"10.1515\/jmc-2024-0045","type":"journal-article","created":{"date-parts":[[2025,4,14]],"date-time":"2025-04-14T13:02:22Z","timestamp":1744635742000},"source":"Crossref","is-referenced-by-count":3,"title":["Dynamic-FROST: Schnorr threshold signatures with a flexible committee"],"prefix":"10.1515","volume":"19","author":[{"given":"Annalisa","family":"Cimatti","sequence":"first","affiliation":[{"name":"Mathematics and Physics Department, Roma Tre University , Rome , Italy"}]},{"given":"Francesco","family":"De Sclavis","sequence":"additional","affiliation":[{"name":"Directorate General for Information Technology, Bank of Italy , Rome , Italy"}]},{"given":"Giuseppe","family":"Galano","sequence":"additional","affiliation":[{"name":"Directorate General for Information Technology, Bank of Italy , Rome , Italy"},{"name":"Department of Computer Science, University of Pisa , Pisa , Italy"}]},{"given":"Sara","family":"Giammusso","sequence":"additional","affiliation":[{"name":"Directorate General for Information Technology, Bank of Italy , Rome , Italy"}]},{"given":"Michela","family":"Iezzi","sequence":"additional","affiliation":[{"name":"Directorate General for Information Technology, Bank of Italy , Rome , Italy"}]},{"given":"Antonio","family":"Muci","sequence":"additional","affiliation":[{"name":"Directorate General for Information Technology, Bank of Italy , Rome , Italy"}]},{"given":"Matteo","family":"Nardelli","sequence":"additional","affiliation":[{"name":"Directorate General for Information Technology, Bank of Italy , Rome , Italy"}]},{"given":"Marco","family":"Pedicini","sequence":"additional","affiliation":[{"name":"Mathematics and Physics Department, Roma Tre University , Rome , Italy"}]}],"member":"374","published-online":{"date-parts":[[2025,4,14]]},"reference":[{"key":"2025122009205526189_j_jmc-2024-0045_ref_001","doi-asserted-by":"crossref","unstructured":"Komlo C, Goldberg I. FROST: flexible round-optimized Schnorr threshold signatures. In: Dunkelman O, Jacobson Jr MJ, O\u2019Flynn C, editors. Selected areas in cryptography. Cham: Springer; 2021. p. 34\u201365.","DOI":"10.1007\/978-3-030-81652-0_2"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_002","unstructured":"Sedghighadikolaei K, Yavuz AA. A comprehensive survey of threshold digital signatures: NIST standards, post-quantum cryptography, exotic techniques, and real-world applications. arXiv:2311.05514 [cs.CR], 2024. https:\/\/arxiv.org\/abs\/2311.05514."},{"key":"2025122009205526189_j_jmc-2024-0045_ref_003","doi-asserted-by":"crossref","unstructured":"Ruffing T, Ronge V, Jin E, Schneider-Bensch J, Schr\u00f6der D. ROAST: Robust Asynchronous Schnorr Threshold Signatures. In: Proc. of ACM SIGSAC CCS \u201922. New York, NY, USA: ACM; 2022. p. 2551\u201364.","DOI":"10.1145\/3548606.3560583"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_004","unstructured":"Benedetti M, De Sclavis F, Favorito M, Galano G, Giammusso S, Muci A, et al. Certified Byzantine consensus with confidential quorum for a bitcoin-derived permissioned DLT. In: Proc. of the 5th Distributed Ledger Technology Workshop;2023."},{"key":"2025122009205526189_j_jmc-2024-0045_ref_005","unstructured":"Laing TM, Stinson DR. A survey and refinement of repairable threshold schemes; 2017. Cryptology ePrint Archive, 2017\/1155."},{"key":"2025122009205526189_j_jmc-2024-0045_ref_006","doi-asserted-by":"crossref","unstructured":"Herzberg A, Jarecki S, Krawczyk H, Yung M. Proactive secret sharing or: how to cope with perpetual leakage. In: Proc. of CRYPTO \u201995. Berlin, Heidelberg: Springer-Verlag; 1995. p. 339\u201352.","DOI":"10.1007\/3-540-44750-4_27"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_007","doi-asserted-by":"crossref","unstructured":"Shamir A. How to share a secret. Commun ACM. 1979 nov;22(11):612\u20133.","DOI":"10.1145\/359168.359176"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_008","doi-asserted-by":"crossref","unstructured":"Maram SKD, Zhang F, Wang L, Low A, Zhang Y, Juels A, et al. CHURP: dynamic-committee proactive secret sharing. In: Proc. of ACM SIGSAC CCS \u201919. ACM; 2019. p. 2369\u201386.","DOI":"10.1145\/3319535.3363203"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_009","doi-asserted-by":"crossref","unstructured":"Shoup V. Practical threshold signatures. In: Preneel B, editor. Advances in Cryptology - EUROCRYPT 2000. Berlin, Heidelberg: Springer Berlin Heidelberg; 2000. p. 207\u201320.","DOI":"10.1007\/3-540-45539-6_15"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_010","doi-asserted-by":"crossref","unstructured":"Cachin C, Kursawe K, Shoup V. Random oracles in constantinople: practical asynchronous byzantine agreement using cryptography. J Cryptol. 2005;18(3):219\u201346.","DOI":"10.1007\/s00145-005-0318-0"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_011","doi-asserted-by":"crossref","unstructured":"Golan Gueta G, Abraham I, Grossman S, Malkhi D, Pinkas B, Reiter M, et al. SBFT: A scalable and decentralized trust infrastructure. In: Proc. of IEEE\/IFIP DSN \u201919; 2019. p. 568\u201380.","DOI":"10.1109\/DSN.2019.00063"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_012","doi-asserted-by":"crossref","unstructured":"Yin M, Malkhi D, Reiter MK, Gueta GG, Abraham I. HotStuff: BFTConsensus with linearity and responsiveness. In: Proc. of ACM PODC \u201919. New York, NY, USA: ACM; 2019. p. 347\u201356.","DOI":"10.1145\/3293611.3331591"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_013","doi-asserted-by":"crossref","unstructured":"Thai QT, Yim JC, Yoo TW, Yoo HK, Kwak JY, Kim SM. Hierarchical byzantine fault-tolerance protocol for permissioned blockchain systems. J Supercomput. 2019;75(11):7337\u201365.","DOI":"10.1007\/s11227-019-02939-x"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_014","doi-asserted-by":"crossref","unstructured":"Gennaro R, Jarecki S, Krawczyk H, Rabin T. Robust threshold DSS signatures. Inform Comput. 2001;164(1):54\u201384.","DOI":"10.1006\/inco.2000.2881"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_015","doi-asserted-by":"crossref","unstructured":"Gennaro R, Goldfeder S, Narayanan A. Threshold-optimal DSA\/ECDSA signatures and an application to bitcoin wallet security. In: Manulis M, Sadeghi AR, Schneider S, editors. Applied cryptography and network security. Cham: Springer; 2016. p. 156\u201374.","DOI":"10.1007\/978-3-319-39555-5_9"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_016","doi-asserted-by":"crossref","unstructured":"Gennaro R, Goldfeder S. Fast multiparty threshold ECDSA with fast trustless setup. In: Proc. of ACM SIGSAC CCS \u201918. ACM; 2018. p. 1179\u201394.","DOI":"10.1145\/3243734.3243859"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_017","unstructured":"Gennaro R, Goldfeder S. One round threshold ECDSA with identifiable abort. Cryptology ePrint Archive, 2020\/540. 2020."},{"key":"2025122009205526189_j_jmc-2024-0045_ref_018","doi-asserted-by":"crossref","unstructured":"Lindell Y, Nof A. Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody. In: Proc. of ACM SIGSAC CCS \u201918. ACM; 2018. p. 1837\u201354.","DOI":"10.1145\/3243734.3243788"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_019","doi-asserted-by":"crossref","unstructured":"Noack A, Spitz S. Dynamic threshold cryptosystem without group manager. IACR Cryptol ePrint Arch. 2008:380.","DOI":"10.5296\/npa.v1i1.161"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_020","unstructured":"Aumasson JP, Hamelink A, Shlomovits O. A survey of ECDSA threshold signing. IACR Cryptol ePrint Arch. 2020;2020:1390."},{"key":"2025122009205526189_j_jmc-2024-0045_ref_021","doi-asserted-by":"crossref","unstructured":"Boneh D, Lynn B, Shacham H. Short signatures from the weil pairing. J Cryptol. 2004;17(4):297\u2013319.","DOI":"10.1007\/s00145-004-0314-9"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_022","doi-asserted-by":"crossref","unstructured":"Schnorr CP. Efficient identification and signatures for smart cards. In: Conference on the Theory and Application of Cryptology. Springer; 1989. p. 239\u201352.","DOI":"10.1007\/0-387-34805-0_22"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_023","unstructured":"Ergezer S, Kinkelin H, Rezabek F. A survey on threshold signature schemes. Seminar IITM SS 20, Network Architectures and Services, Technical University of Munich; 2020."},{"key":"2025122009205526189_j_jmc-2024-0045_ref_024","doi-asserted-by":"crossref","unstructured":"Boldyreva A. Threshold signatures, multisignatures and blind signatures based on the Gap-Diffie-Hellman-Group signature scheme. In: Desmedt YG, editor. Public Key Cryptography\u2013PKC 2003. Berlin, Heidelberg: Springer; 2002. p. 31\u201346.","DOI":"10.1007\/3-540-36288-6_3"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_025","doi-asserted-by":"crossref","unstructured":"Tomescu A, Chen R, Zheng Y, Abraham I, Pinkas B, Gueta GG, et al. Towards scalable threshold cryptosystems. In: Proc. of the 2020 IEEE Symposium on Security and Privacy; 2020. p. 877\u201393.","DOI":"10.1109\/SP40000.2020.00059"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_026","unstructured":"Crites E, Komlo C, Maller M. How to prove Schnorr assuming Schnorr: security of multi- and threshold signatures. Cryptology ePrint Archive. 2021."},{"key":"2025122009205526189_j_jmc-2024-0045_ref_027","unstructured":"Hu B, Zhang Z, Chen H, Zhou Y, Jiang H, Liu J. DyCAPS: asynchronous dynamic-committee proactive secret sharing; 2022. Cryptology ePrint Archive, Paper 2022\/1169. https:\/\/eprint.iacr.org\/2022\/1169."},{"key":"2025122009205526189_j_jmc-2024-0045_ref_028","doi-asserted-by":"crossref","unstructured":"Schultz D, Liskov B, Liskov M. MPSS: Mobile proactive secret sharing. ACM Trans Inf Syst Secur. 2010;13(4):32.","DOI":"10.1145\/1880022.1880028"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_029","doi-asserted-by":"crossref","unstructured":"Vassantlal R, Alchieri EAP, Ferreira B, Bessani AN. COBRA: Dynamic proactive secret sharing for confidential BFT services. Proceedings of 2022 IEEE Symposium on Security and Privacy (SP). 2022:1335\u201353.","DOI":"10.1109\/SP46214.2022.9833658"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_030","unstructured":"Yurek T, Xiang Z, Xia Y, Miller A. Long live the honey badger: Robust asynchronous DPSS and its applications. In: Proc. of 32nd USENIX Security. vol. 8; 2023. p. 5413\u201330."},{"key":"2025122009205526189_j_jmc-2024-0045_ref_031","doi-asserted-by":"crossref","unstructured":"Benhamouda F, Gentry C, Gorbunov S, Halevi S, Krawczyk H, Lin C, et al. Can a public blockchain keep a secret?; 2020. Cryptology ePrint Archive, 2020\/464.","DOI":"10.1007\/978-3-030-64375-1_10"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_032","unstructured":"Goyal V, Kothapalli A, Masserova E, Parno B, Song Y. Storing and retrieving secrets on a blockchain; 2020. Cryptology ePrint Archive, 2020\/504."},{"key":"2025122009205526189_j_jmc-2024-0045_ref_033","unstructured":"Battagliola M, Longo R, Meneghetti A. Extensible decentralized secret sharing and application to Schnorr signatures; 2022. Cryptology ePrint Archive, Paper 2022\/1551. https:\/\/eprint.iacr.org\/2022\/1551."},{"key":"2025122009205526189_j_jmc-2024-0045_ref_034","doi-asserted-by":"crossref","unstructured":"Benhamouda F, Halevi S, Krawczyk H, Ma Y, Rabin T. SPRINT: High-Throughput Robust Distributed Schnorr Signatures; 2023. Cryptology ePrint Archive, 2023\/427.","DOI":"10.1007\/978-3-031-58740-5_3"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_035","doi-asserted-by":"crossref","unstructured":"Bellare M, Boldyreva A, Staddon J. Multi-recipient encryption schemes: Security notions and randomness re-use. In: PKC. vol. 2003; 2003. p. 85\u201399.","DOI":"10.1007\/3-540-36288-6_7"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_036","unstructured":"Drijvers M, Edalatnejad K, Ford B, Kiltz E, Loss J, Neven G, et al. On the Security of Two-Round Multi-Signatures; 2018. Cryptology ePrint Archive, 2018\/417."},{"key":"2025122009205526189_j_jmc-2024-0045_ref_037","unstructured":"Benhamouda F, Lepoint T, Loss J, Orr\u00f9 M, Raykova M. On the (in)security of ROS; 2020. Cryptology ePrint Archive, 2020\/945."},{"key":"2025122009205526189_j_jmc-2024-0045_ref_038","doi-asserted-by":"crossref","unstructured":"Bellare M, Neven G. Multi-signatures in the plain public-Key model and a general forking lemma. In: Proc. of ACM CCS \u201906. ACM; 2006. p. 390\u20139.","DOI":"10.1145\/1180405.1180453"},{"key":"2025122009205526189_j_jmc-2024-0045_ref_039","doi-asserted-by":"crossref","unstructured":"Kate A, Zaverucha GM, Goldberg I. Constant-size commitments to polynomials and their applications. In: Abe M, editor. Advances in Cryptology - ASIACRYPT 2010. Berlin, Heidelberg: Springer; 2010. p. 177\u201394.","DOI":"10.1007\/978-3-642-17373-8_11"}],"container-title":["Journal of Mathematical Cryptology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jmc-2024-0045\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jmc-2024-0045\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,20]],"date-time":"2025-12-20T09:39:42Z","timestamp":1766223582000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jmc-2024-0045\/html"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,1]]},"references-count":39,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,4,14]]},"published-print":{"date-parts":[[2025,4,14]]}},"alternative-id":["10.1515\/jmc-2024-0045"],"URL":"https:\/\/doi.org\/10.1515\/jmc-2024-0045","relation":{},"ISSN":["1862-2984"],"issn-type":[{"value":"1862-2984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1,1]]},"article-number":"20240045"}}