Paper 2025/840
T-Spoon: Tightly Secure Two-Round Multi-Signatures with Key Aggregation
Abstract
Multi-signatures over pairing-free cyclic groups have seen significant advancements in recent years, including achieving two-round protocols and supporting key aggregation. Key aggregation enables the combination of multiple public keys into a single succinct aggregate key for verification and has essentially evolved from an optional feature to a requirement. To enhance the concrete security of two-round schemes, Pan and Wagner (Eurocrypt 2023, 2024) introduced the first tightly secure constructions in this setting. However, their schemes do not support key aggregation, and their approach inherently precludes a single short aggregate public key. This leaves the open problem of achieving tight security and key aggregation simultaneously. In this work, we solve this open problem by presenting the first tightly secure two-round multi-signature scheme in pairing-free groups supporting key aggregation. As for Pan and Wagner's schemes, our construction is based on the DDH assumption. In contrast to theirs, it also has truly compact signatures, with signature size asymptotically independent of the number of signers.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- A minor revision of an IACR publication in CRYPTO 2025
- Keywords
- Multi-SignaturesTight SecurityKey AggregationPairing-Free Groups
- Contact author(s)
-
renas bacho @ cispa de
benedikt wagner @ ethereum org - History
- 2025-05-13: approved
- 2025-05-12: received
- See all versions
- Short URL
- https://ia.cr/2025/840
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2025/840,
author = {Renas Bacho and Benedikt Wagner},
title = {T-Spoon: Tightly Secure Two-Round Multi-Signatures with Key Aggregation},
howpublished = {Cryptology {ePrint} Archive, Paper 2025/840},
year = {2025},
url = {https://eprint.iacr.org/2025/840}
}