Abstract. In this talk, I will present two recent works on the adaptive security of threshold Schnorr signature schemes. “A Plausible Attack on the Adaptive Security of Threshold Schnorr Signatures” presents a plausible, efficient attack on the adaptive security of threshold Schnorr signature schemes with keys of a common form. It shows that a wide range of schemes, including all variants of FROST, Sparkle, and Lindell’22, cannot be proven fully adaptively secure without modifications or assuming the hardness of a search problem P defined in this work. “On the Adaptive Security of FROST” examines how these results impact FROST and its variants, which are state-of-the-art threshold Schnorr signature protocols used in real-world applications. In particular, it introduces the low-dimensional vector representation (LDVR) problem, closely related to the problem P, and shows full adaptive security of FROST, FROST2, and FROST3 in the algebraic group model (AGM) and random oracle model (ROM) under the algebraic one-more discrete logarithm (AOMDL) and LDVR assumptions. Half adaptive security is shown to hold in the ROM under AOMDL alone. Together, these works define a new frontier for research on the adaptive security of threshold Schnorr signatures, as the hardness of P and LDVR remain intriguing open questions.
Based on two joint works:
Presented at MPTS 2026: NIST Workshop on Multi-Party Threshold Schemes
Starts: January 26, 2026
Security and Privacy: cryptography