Re: [Cfrg] Call for adoption: Threshold Signatures

Richard Barnes <> Mon, 12 October 2020 21:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id ADE213A09D3 for <>; Mon, 12 Oct 2020 14:14:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ajwGoMmw4Zqe for <>; Mon, 12 Oct 2020 14:14:34 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::72c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CABD03A09D6 for <>; Mon, 12 Oct 2020 14:14:33 -0700 (PDT)
Received: by with SMTP id 140so17249988qko.2 for <>; Mon, 12 Oct 2020 14:14:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9pzaRW1cYHvGBuxb8IS53rcOZRBzCKsxUVJvL/ypg4g=; b=lJPeynm3tVWlrZZOhaSmGmnkRZmuEWLOWv6SBjj2HnfhNL3+i2Sox18I5lcegvuIbd NxJrHemXkoPiFdVXImsZhirc3rh6IMb18Kep0JQnrUwiQwdyKsVMNI5FUQEmAU4DXNqy TmgBHIgAi0630G+Yx09EgyaVFKiMMyLlZQGSDN+TL0ee1P+M8hI3/mhhEF3/GfakYpUD m/9wrsVIMX87dvRlhQYgvKA/xjjuzoRlanGecYXJcpYRYvuXcW9TfB9ALJNX10aRVpw7 UHTkiV7ROogtlFpdhkwSQoschh8FoN7iAI+/thTFLrtbsyzIKj5/lGTsZWA98hUwwdVw zcoA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9pzaRW1cYHvGBuxb8IS53rcOZRBzCKsxUVJvL/ypg4g=; b=jOa6yLKG9QbgaSUgOV6Nt3wkMNjm3V/yp8xwnwyPPLUVDmTACbAVvDPaK9jpLFWWWa bdPZQ8TB8DnIowVOFBhEm1kPt2fZZkGII1OXLgiMNwmfVxQf1UHlOrfN6YSm52+vRZln JgTmycpwlmysGMX72s4upEfWlhzI1b8ioAT/oMhY/Z1ZhOWKPjinAjLlif81eQxoVn7+ tQYPX+SHtKfIXc6V161EDAPGqyX5G9YmIAZjb2toSEBCb9IsqcKFJSASW2bMjijecthQ TL9ZKoyO4w39I7F8Bm8WdkOOdhJL2bDgosx/LXB2ePPzLQqpbYKnueh7/wPbBE+ckLoz ktTw==
X-Gm-Message-State: AOAM533MBfNCOtlAi0EPH6AJra+Bk/tDdIeMJiOJTp2OzGlr5uQ2mao7 c6kHO7uzTcA5iBQcAMHWF9lckwRi58xkBCcVbNaEDg==
X-Google-Smtp-Source: ABdhPJxK+flFWWDLD+LU9HFGsEfWRFy/cGK0UdjQ1UsP8z6nzJfRPw7HXrVZRSJFaULSIgQvVpJwoXUkT+2Okyvgwt4=
X-Received: by 2002:a37:4d13:: with SMTP id a19mr11582332qkb.159.1602537272727; Mon, 12 Oct 2020 14:14:32 -0700 (PDT)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Richard Barnes <>
Date: Mon, 12 Oct 2020 17:14:16 -0400
Message-ID: <>
To: Nick Sullivan <>
Cc: CFRG <>
Content-Type: multipart/alternative; boundary="000000000000e1713c05b17fc8aa"
Archived-At: <>
Subject: Re: [Cfrg] Call for adoption: Threshold Signatures
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 12 Oct 2020 21:14:36 -0000

a) I think this could be a good item for CFRG to work on.  To Paul's point,
I think the discussion here can complement the NIST process.  One potential
point of difference / complementarity -- I would like it if whatever this
group produces could include concrete instantiations for the CFRG signature
schemes Ed25519 and Ed448.  Not sure if NIST is looking at things at that
level of granularity.

b) I have reviewed both documents, and FROST seems like the clearly better
option here.  Like Nick, I am more of a consumer than a cryptographer, but
FROST seems to have considered a much broader collection of risks (e.g.,
the attack by Drijvers et al.) and operational considerations than PHB's
scheme.  And as an implementer, I found FROST very clearly specified and
easy to understand.  I was able to adapt it for use with Ed25519 and
implement it in Go without much trouble.

c) I am willing to contribute and provide reviews on updated documents.  In
particular, as noted above, I've thought a bit about specializating FROST
to Ed25519, and would be glad to contribute that as a starting point.


On Thu, Oct 8, 2020 at 12:34 PM Nick Sullivan <nick=> wrote:

> Dear CFRG participants,
> After some active conversations on the mailing list, there seems to be
> support for taking on work related to threshold signatures at the CFRG.
> This email commences a 3-week call for adoption for the topic of "Threshold
> Signatures" that will end on October 28th, 2020:
> There are two drafts that have been submitted for consideration on this
> topic:
> Please give your views on the following questions:
> a) should this topic be adopted by the CFRG as a work item, and if so
> b) should one or both of these documents should be considered as a
> starting point for this work
> c) are you willing to help work on this item and/or review it
> Please reply to this email (or in exceptional circumstances, you can email
> CFRG chairs directly at
> Thank you,
> Nick (for the chairs)
> _______________________________________________
> Cfrg mailing list