FROST: Flexible Round-Optimized Schnorr Threshold Signatures
There has recently been renewed interest in threshold signature schemes, where t out of n participants can collaborate to sign a message, producing a signature that is indistinguishable from one produced by a traditional single-party signature scheme, and without ever reconstructing the shared secret key. Schnorr signatures are particularly amenable to such constructions, with much prior work, including by Stinson and Strobl in 2001. However, many of these schemes incur several communication rounds during the signing process, and Drijvers et al. (Oakland 2019) observed that many of these protocols are insecure in the setting where participants can sign multiple messages in parallel. In this work, we present FROST: Flexible Round-Optimized Schnorr Threshold Signatures, a protocol that safely implements Schnorr threshold signatures in the parallel setting, with either two communication rounds, or a single round with preprocessing. In doing so, it forgoes the robustness of schemes like Stinson and Strobl's, but we argue that this is acceptable in practical settings. This is joint work with Chelsea Komlo, and appeared at SAC 2020. The protocols are being formally specified in the Internet Research Task Force's Crypto Forum Research Group, with Komlo, Deirdre Connolly, and Christopher Wood.
Bio: Ian Goldberg is the Canada Research Chair in Privacy Enhancing Technologies, and a Professor in the Cheriton School of Computer Science at the University of Waterloo, where he, Stinson, and Hengartner formed the Cryptography, Security, and Privacy (CrySP) research group in 2006. Since then, CrySP has grown to 10 core faculty members and almost 50 graduate students and postdoctoral researchers. Goldberg is a Distinguished Member of the ACM and a winner of the Electronic Frontier Foundation's Pioneer Award, the USENIX Security Test of Time Award, and the Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies.