[Cryptography] A discussion about secret sharing or multi-sig

[jrzx]

>> jrzx <jrzx at protonmail.ch> şunları yazdı (4 Ağu 2021 15:29):
>
>>> Is there a cryptographically secure way in threshold cryptography where at
>>> least n of my children can get together and create the signed message M
>>> without directly accessing the private key Apr?
>>
>> Yes. Schnorr signatures.
>>
>> The sharers get together to generate the signature in the same way they could have generated the shared secret.
>>
>> The signature verifies the same way a regular Schnorr signature verifies. The verifier does not know it is anything different from and ordinary Schnorr singlesig
>>
>> Constructing it, however is considerably more painful. O((logN)^3)

On Sunday, August 8th, 2021 at 5:58 AM, Osman Kuzucu <bizbucaliyiz at hotmail.com> wrote:

> Are schnorr signatures part of threshold cryptography? I thought schnorr signatures has a predefined amount of keys and all of them have to be present to construct the final signature.

Because Schnorr signatures over a prime order group are linear, the possessors of the shared secret can construct a Shnorr signature in the same way they could reconstruct the shared secret itself.

Doing this with a non prime order group is above my paygrade.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210810/b58e6e34/attachment.htm>