NIST requests public comments on the initial public draft (ipd) of
NIST IR 8214B, Notes on Threshold
EdDSA/Schnorr Signatures.
This report considers signature schemes that are compatible with the
verification phase of the Edwards Curve Digital Signature Algorithm (EdDSA)
specified in Draft Federal Information Processing Standards (FIPS) publication
186-5. The report analyzes threshold schemes, where the private signing key is
secret-shared across multiple parties, and signatures can be produced without
the parties reconstructing the key. Security holds even if up to a threshold number
of parties has been compromised.
The report reviews the properties of EdDSA/Schnorr deterministic
and probabilistic signatures schemes, both in the conventional (non-threshold)
and threshold setting, summarizing various known properties and approaches.
These threshold signatures can allow for a drop-in replacement of conventional
signatures without changing the legacy code used for verification. This work is
useful to advance the NIST Multi-Party Threshold Cryptography project, which is
also interested in other primitives. The document suggests that it is
beneficial to further consult with the community of experts for security
formulations, technical descriptions, and reference implementations.
The report includes a section for each of the following:
- Conventional setting: gives
context of conventional EdDSA/Schnorr-style signature schemes and their
security properties; - Threshold approaches:
summarizes various threshold approaches for deterministic and
probabilistic schemes, at a high level; - Further considerations:
describes how various aspects only arise in the threshold setting, thus
requiring a more sophisticated analysis with respect to the security
formulation; - Conclusions: identifies the
need for additional analysis aided by the community of experts.
The public comment period is open through October 24, 2022. See
the publication details for a copy of the draft and
instructions for submitting comments.
NOTE: A call for patent claims is included on page iii of this
draft. For additional information, see the Information Technology
Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.
Read
More