Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Notes on Threshold EdDSA/Schnorr Signatures

August 10, 2022


Luís T. A. N. Brandão


Abstract: EdDSA is one of the signature schemes specified in the NIST Draft FIPS 186-5. As a Schnorr-style scheme, its signature makes an interesting linear combination of two secrets --- the signing key and a (pseudo)random secret nonce. Assuming both secrets are linearly secret-shared, it is easy to obtain a signature in a threshold manner, i.e., without reconstructing the key. However, the secret-sharing of the nonce gives rise to various approaches, which, absent proper consideration, can be insecurely instantiated (allowing key recovery or forgeries). This presentation will overview some notes on conventional EdDSA/Schnorr, and on threshold signatures interchangeable with respect to the FIPS-specified EdDSA verification.

Joint work (NIST IR 8214B) with Michael Davidson

Suggested reading: NIST IR 8214 ipd (initial public draft)

Presented at

Crypto Reading Club talk on 2022-Aug-10

Related Topics

Security and Privacy: cryptography

Created August 11, 2022, Updated March 22, 2023