PhD Defence • Cryptography, Security, and Privacy (CrySP) | Threshold Cryptosystems • Practical Distributed Key Generation and Signatures

Wednesday, March 18, 2026 1:00 pm - 4:00 pm EDT (GMT -04:00)

Please note: This PhD defence will take place in DC 2310 and online.

Chelsea Komlo, PhD candidate
David R. Cheriton School of Computer Science

Supervisors: Professors Ian Goldberg, Douglas Stebila

Threshold schemes are a critical cryptographic primitive that allows any subset of at least t out of n total parties to collaborate to jointly perform some function, such as generating key material or issuing a digital signature. Threshold schemes allow for improved robustness in the case of failure, and distribute trust among many parties. In particular, the security of the scheme assumes t−1 players are corrupted, and so can deviate arbitrarily from the protocol. The security of the scheme ensures that in spite of a subset of corrupted players, the scheme can provide important properties such as robustness, unforgeability, or indistinguishability from some target distribution.

In this work, we examine the special cases of distributed key generation and threshold signing. In particular, we present constructions that optimize for considerations that are important to implementations in practice. Such considerations include simplicity, network round efficiency, computational and bandwidth efficiency, and low use of broadcast channels.

Firstly, we present FROST, a Flexible Round-Optimized Schnorr Threshold signature scheme. FROST improves upon prior threshold Schnorr signature schemes in that signatures can be generated with only two network rounds among participants, while remaining secure against concurrent adversaries. We show that FROST is secure under the Algebraic One-More Discrete Logarithm (AOMDL) assumption in the Random Oracle Model (ROM).

Secondly, we present Storm, a simplified three-round distributed key generation (DKG) protocol. Storm presents a simplified alternative to prior DKGs with a similar security model assuming the Discrete Logarithm Problem (DLP) is hard, and provides a generic construction that may be applicable beyond discrete-logarithm assumptions.

Finally, we present Arctic, a two-round deterministic threshold Schnorr signature scheme. Arctic allows signers to remain stateless, with the exception of persisting state of their long-lived signing keys. Arctic requires a slightly weaker trust model in that it assumes the majority of signers are honest, but shows improved efficiency over alternative deterministic threshold Schnorr signature schemes for small signing coalitions (fewer than 25 signers). We show that Arctic is secure assuming DLP in the ROM.


To attend this PhD defence in person, please go to DC 2310. You can also attend virtually on BigBlueButton.