[CFRG] I-D Action: draft-irtf-cfrg-frost-01.txt

internet-drafts@ietf.org Thu, 12 August 2021 04:37 UTC

Return-Path: <internet-drafts@ietf.org>
X-Original-To: cfrg@ietf.org
Delivered-To: cfrg@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9906E3A34F8; Wed, 11 Aug 2021 21:37:32 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: cfrg@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.36.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: cfrg@ietf.org
Message-ID: <162874305257.23794.9260665408239098163@ietfa.amsl.com>
Date: Wed, 11 Aug 2021 21:37:32 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/nYCR350W8kMIBjthD9UHwv_9dZA>
Subject: [CFRG] I-D Action: draft-irtf-cfrg-frost-01.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Aug 2021 04:37:33 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Crypto Forum RG of the IRTF.

        Title           : Two-Round Threshold Signatures with FROST
        Authors         : Chelsea Komlo
                          Ian Goldberg
                          T Wilson-Brown
	Filename        : draft-irtf-cfrg-frost-01.txt
	Pages           : 19
	Date            : 2021-08-11

   In this draft, we present a two-round signing variant of FROST, a
   Flexible Round-Optimized Schnorr Threshold signature scheme.  FROST
   signatures can be issued after a threshold number of entities
   cooperate to issue a signature, allowing for improved distribution of
   trust and redundancy with respect to a secret key.  Further, this
   draft specifies signatures that are compatible with EdDSA
   verification of signatures.  However, this draft does not generate
   deterministic nonces as defined by EdDSA, to ensure protection
   against a key-recovery attack that is possible when even only one
   participant is malicious.

The IETF datatracker status page for this draft is:

There is also an htmlized version available at:

A diff from the previous version is available at:

Internet-Drafts are also available by anonymous FTP at: