[Cfrg] New Version Notification for draft-komlo-frost-00.txt

Chelsea Komlo <ckomlo@uwaterloo.ca> Fri, 07 August 2020 19:19 UTC

Return-Path: <ckomlo@uwaterloo.ca>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 2DEC83A0DE5 for <cfrg@ietfa.amsl.com>; Fri, 7 Aug 2020 12:19:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=uwaterloo.ca
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 3wrMFGuscpcf for <cfrg@ietfa.amsl.com>; Fri, 7 Aug 2020 12:19:26 -0700 (PDT)
Received: from phage7.uwaterloo.ca (phage7.uwaterloo.ca []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABE623A0D57 for <cfrg@irtf.org>; Fri, 7 Aug 2020 12:19:26 -0700 (PDT)
Received: from pps.filterd (phage7.uwaterloo.ca []) by phage7.uwaterloo.ca ( with SMTP id 077JFFcV031716 for <cfrg@irtf.org>; Fri, 7 Aug 2020 15:19:25 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uwaterloo.ca; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=default; bh=SS8rpiRztM/sPuqocIEb3yUD8dV74uxdV+HGISwlcXk=; b=8uqHxPTTS2oJbPEblvjQAjue8L4iEb4TvaVlDLgWIPSVcpINBriWRYfmet7ir39izoVl oki5SeRVs226Bmb6IuuTIz4c6BNSNObvbYdJ1XDz6Amu/n5DkAVvM2yjOdjIRM5XElWK mqbpjL2yJE239H6Z/gcIugrjFe0U4HEEcaU=
Received: from connhm04.connect.uwaterloo.ca (connhm04.connect.uwaterloo.ca []) by phage7.uwaterloo.ca with ESMTP id 32pem8tmd6-3 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA256 bits=128 verify=NOT) for <cfrg@irtf.org>; Fri, 07 Aug 2020 15:19:25 -0400
Received: from connhm02.connect.uwaterloo.ca ( by connhm04.connect.uwaterloo.ca ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1913.5; Fri, 7 Aug 2020 15:19:19 -0400
Received: from connhm02.connect.uwaterloo.ca ([fe80::dcfc:7fe1:3d27:382b]) by connhm02.connect.uwaterloo.ca ([fe80::dcfc:7fe1:3d27:382b%18]) with mapi id 15.01.1913.010; Fri, 7 Aug 2020 15:19:19 -0400
From: Chelsea Komlo <ckomlo@uwaterloo.ca>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: New Version Notification for draft-komlo-frost-00.txt
Thread-Index: AQHWbOwO2QOQB/7evke17CqT3cb5D6ktA0EG
Date: Fri, 7 Aug 2020 19:19:19 +0000
Message-ID: <f93a51d298e848589b55da5cab9e4f54@uwaterloo.ca>
References: <159682640967.6742.1777084682628766482@ietfa.amsl.com>
In-Reply-To: <159682640967.6742.1777084682628766482@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_f93a51d298e848589b55da5cab9e4f54uwaterlooca_"
MIME-Version: 1.0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 adultscore=0 impostorscore=0 clxscore=1015 bulkscore=0 spamscore=0 priorityscore=1501 phishscore=0 lowpriorityscore=0 malwarescore=0 mlxlogscore=999 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2008070134
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/RIXCSEhMK348nlMskcnKEJHH0FU>
Subject: [Cfrg] New Version Notification for draft-komlo-frost-00.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Aug 2020 19:19:29 -0000


We posted our -00 draft for FROST, a Flexible Round Optimized Schnorr Threshold Signature scheme. This draft reflects our updated FROST construction [1].

FROST improves upon prior constructions as it can be used as a single-round signing protocol with preprocessing, while remaining safe against known forgery attacks that are applicable to prior schemes in the literature [2].

Please let us know if there are any questions. We look forward to this draft being considered for adoption as a work item.


[1] https://eprint.iacr.org/2020/852

[2] https://eprint.iacr.org/2018/417

From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Friday, August 7, 2020 6:53 AM
To: Ian Goldberg; Chelsea Komlo
Subject: New Version Notification for draft-komlo-frost-00.txt

A new version of I-D, draft-komlo-frost-00.txt
has been successfully submitted by Chelsea Komlo and posted to the
IETF repository.

Name:           draft-komlo-frost
Revision:       00
Title:          FROST: Flexible Round-Optimized Schnorr Threshold Signatures
Document date:  2020-08-07
Group:          Individual Submission
Pages:          22
URL:            https://www.ietf.org/internet-drafts/draft-komlo-frost-00.txt
Status:         https://datatracker.ietf.org/doc/draft-komlo-frost/
Htmlized:       https://tools.ietf.org/html/draft-komlo-frost-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-komlo-frost
FROST: Flexible Round-Optimized Schnorr Threshold Signatures (Internet-Draft, 2020)

   Unlike signatures in a single-party setting, threshold signatures
   require cooperation among a threshold number of signers each holding
   a share of a common private key.  Consequently, generating signatures
   in a threshold setting imposes overhead due to network rounds among
   signers, proving costly when secret shares are stored on network-
   limited devices or when coordination occurs over unreliable networks.
   This draft describes FROST, a Flexible Round-Optimized Schnorr
   Threshold signature scheme that reduces network overhead during
   signing operations while employing a novel technique to protect
   against forgery attacks applicable to similar schemes in the
   literature.  FROST improves upon the state of the art in Schnorr
   threshold signature protocols, as it can safely perform signing
   operations in a single round without limiting concurrency of signing
   operations, yet allows for true threshold signing, as only a
   threshold number of participants are required for signing operations.
   FROST can be used as either a two-round protocol where signers send
   and receive two messages in total, or optimized to a single-round
   signing protocol with a pre-processing stage.  FROST achieves its
   efficiency improvements in part by allowing the protocol to abort in
   the presence of a misbehaving participant (who is then identified and
   excluded from future operations)--a reasonable model for practical
   deployment scenarios.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat