Really neat paper I skimmed through this morning: "Structure-preserving Threshold Signatures", by @Mahdi_seda, @drl3c7er, @cryptulf and @bpreneel1. (tl;dr as screenshots):
The authors build a _non-interactive_ *threshold* structure-preserving signature scheme (SPS) by modifying @essamghadafi's SPS (eprint.iacr.org/2015/961) with (1) a message-hashing technique used in Coconut for threshold Pointcheval-Sanders signatures (arxiv.org/abs/1802.07344) ...
...and (2) with message-indexing, a small assumption that each message to be signed can be mapped to a unique index (implicitly true for scalar messages).
I like this paper a lot because, in 2018, @ittaia, @bennypinkas and I were trying to obtain a structure-preserving threshold signature scheme too, for our UTT work on anonymous payments (eprint.iacr.org/2022/452). We discovered PS signatures, thresholdized them, but we needed...
...an expensive distributed-key-generation (DKG) per each threshold PS signature. Ultimately, we too ended up adapting techniques by Coconut (see screenshot). But this new threshold SPS work might open up new possibilities :)
alin.apt
@alinush407
I put the "crypto" in "cryptocurrency" | Founding Team & Head of Cryptography at @AptosLabs