{"id":"https://openalex.org/W3091149618","doi":"https://doi.org/10.1145/3372297.3417236","title":"MuSig-DN: Schnorr Multi-Signatures with Verifiably Deterministic Nonces","display_name":"MuSig-DN: Schnorr Multi-Signatures with Verifiably Deterministic Nonces","publication_year":2020,"publication_date":"2020-10-30","ids":{"openalex":"https://openalex.org/W3091149618","doi":"https://doi.org/10.1145/3372297.3417236","mag":"3091149618"},"language":"en","primary_location":{"id":"doi:10.1145/3372297.3417236","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3372297.3417236","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5025335522","display_name":"Jonas Nick","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Jonas Nick","raw_affiliation_strings":["Blockstream, Victoria, Canada"],"affiliations":[{"raw_affiliation_string":"Blockstream, Victoria, Canada","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013138712","display_name":"Tim Ruffing","orcid":"https://orcid.org/0000-0001-6237-5228"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tim Ruffing","raw_affiliation_strings":["Blockstream, Victoria, Canada"],"affiliations":[{"raw_affiliation_string":"Blockstream, Victoria, Canada","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048055873","display_name":"Yannick Seurin","orcid":"https://orcid.org/0000-0002-2948-9423"},"institutions":[{"id":"https://openalex.org/I4210108273","display_name":"Agence Nationale de S\u00e9curit\u00e9 du M\u00e9dicament et des Produits de Sant\u00e9","ror":"https://ror.org/01g80gk13","country_code":"FR","type":"government","lineage":["https://openalex.org/I4210108273"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Yannick Seurin","raw_affiliation_strings":["ANSSI, Paris, France"],"affiliations":[{"raw_affiliation_string":"ANSSI, Paris, France","institution_ids":["https://openalex.org/I4210108273"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5006683446","display_name":"Pieter Wuille","orcid":"https://orcid.org/0000-0002-5530-4541"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Pieter Wuille","raw_affiliation_strings":["Blockstream, Victoria, Canada"],"affiliations":[{"raw_affiliation_string":"Blockstream, Victoria, Canada","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5025335522"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.2937191,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.63702501,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":"2020","issue":null,"first_page":"1717","last_page":"1731"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11693","display_name":"Cryptography and Residue Arithmetic","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9941999912261963,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7573287487030029},{"id":"https://openalex.org/keywords/cryptographic-nonce","display_name":"Cryptographic nonce","score":0.7249284386634827},{"id":"https://openalex.org/keywords/randomness","display_name":"Randomness","score":0.6408281326293945},{"id":"https://openalex.org/keywords/discrete-logarithm","display_name":"Discrete logarithm","score":0.6044928431510925},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.5702826976776123},{"id":"https://openalex.org/keywords/schnorr-signature","display_name":"Schnorr signature","score":0.563279390335083},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.5524003505706787},{"id":"https://openalex.org/keywords/pseudorandom-function-family","display_name":"Pseudorandom function family","score":0.5332891941070557},{"id":"https://openalex.org/keywords/public-key-cryptography","display_name":"Public-key cryptography","score":0.5168595910072327},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4961636960506439},{"id":"https://openalex.org/keywords/digital-signature","display_name":"Digital signature","score":0.4788525104522705},{"id":"https://openalex.org/keywords/pseudorandom-number-generator","display_name":"Pseudorandom number generator","score":0.35984402894973755},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.335326611995697},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.20352274179458618},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.19791045784950256},{"id":"https://openalex.org/keywords/hash-function","display_name":"Hash function","score":0.18703359365463257},{"id":"https://openalex.org/keywords/blind-signature","display_name":"Blind signature","score":0.13637113571166992},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.08621999621391296}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7573287487030029},{"id":"https://openalex.org/C9996903","wikidata":"https://www.wikidata.org/wiki/Q1749235","display_name":"Cryptographic nonce","level":3,"score":0.7249284386634827},{"id":"https://openalex.org/C125112378","wikidata":"https://www.wikidata.org/wiki/Q176640","display_name":"Randomness","level":2,"score":0.6408281326293945},{"id":"https://openalex.org/C173259116","wikidata":"https://www.wikidata.org/wiki/Q864003","display_name":"Discrete logarithm","level":4,"score":0.6044928431510925},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.5702826976776123},{"id":"https://openalex.org/C124968333","wikidata":"https://www.wikidata.org/wiki/Q1465057","display_name":"Schnorr signature","level":5,"score":0.563279390335083},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.5524003505706787},{"id":"https://openalex.org/C178774983","wikidata":"https://www.wikidata.org/wiki/Q734896","display_name":"Pseudorandom function family","level":3,"score":0.5332891941070557},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.5168595910072327},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4961636960506439},{"id":"https://openalex.org/C118463975","wikidata":"https://www.wikidata.org/wiki/Q220849","display_name":"Digital signature","level":3,"score":0.4788525104522705},{"id":"https://openalex.org/C140642157","wikidata":"https://www.wikidata.org/wiki/Q1623338","display_name":"Pseudorandom number generator","level":2,"score":0.35984402894973755},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.335326611995697},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.20352274179458618},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.19791045784950256},{"id":"https://openalex.org/C99138194","wikidata":"https://www.wikidata.org/wiki/Q183427","display_name":"Hash function","level":2,"score":0.18703359365463257},{"id":"https://openalex.org/C18899389","wikidata":"https://www.wikidata.org/wiki/Q2736593","display_name":"Blind signature","level":4,"score":0.13637113571166992},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.08621999621391296},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3372297.3417236","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3372297.3417236","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"mag:3091149618","is_oa":false,"landing_page_url":"https://eprint.iacr.org/2020/1057.pdf","pdf_url":null,"source":{"id":"https://openalex.org/S2764847869","display_name":"IACR Cryptology ePrint Archive","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":["https://openalex.org/P4322614454"],"host_organization_lineage_names":["Cryptology ePrint Archive"],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IACR Cryptology ePrint Archive","raw_type":null}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.46000000834465027}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W174706587","https://openalex.org/W200023587","https://openalex.org/W632399495","https://openalex.org/W1485287820","https://openalex.org/W1492049863","https://openalex.org/W1505884345","https://openalex.org/W1518147993","https://openalex.org/W1532209418","https://openalex.org/W1548701190","https://openalex.org/W1548977089","https://openalex.org/W1566035358","https://openalex.org/W1608415167","https://openalex.org/W1689385595","https://openalex.org/W1977902874","https://openalex.org/W2022848027","https://openalex.org/W2058546698","https://openalex.org/W2095708839","https://openalex.org/W2098104887","https://openalex.org/W2134651419","https://openalex.org/W2148828749","https://openalex.org/W2162869211","https://openalex.org/W2164736940","https://openalex.org/W2165297797","https://openalex.org/W2183171747","https://openalex.org/W2338654096","https://openalex.org/W2552640487","https://openalex.org/W2794784663","https://openalex.org/W2811448169","https://openalex.org/W2828755943","https://openalex.org/W2883748642","https://openalex.org/W2927855747","https://openalex.org/W2947157832","https://openalex.org/W2955838977","https://openalex.org/W2972668960","https://openalex.org/W2984459379","https://openalex.org/W3107287909"],"related_works":["https://openalex.org/W3107287909","https://openalex.org/W2794784663","https://openalex.org/W1510930007","https://openalex.org/W2222086599","https://openalex.org/W1499756206","https://openalex.org/W1587796445","https://openalex.org/W2575114935","https://openalex.org/W2064439116","https://openalex.org/W2612793066","https://openalex.org/W163848421","https://openalex.org/W2026025311","https://openalex.org/W1595522037","https://openalex.org/W648970207","https://openalex.org/W1567943805","https://openalex.org/W2774870314","https://openalex.org/W1490548600","https://openalex.org/W2475985589","https://openalex.org/W2898409100","https://openalex.org/W1522430042","https://openalex.org/W1535549307"],"abstract_inverted_index":{"MuSig":[0,82],"is":[1,13,124,137],"a":[2,79,91,110,167,194],"multi-signature":[3,128],"scheme":[4,129],"for":[5,24,223,245],"Schnorr":[6,127,184],"signatures,":[7],"which":[8,31,67,84,120,226],"supports":[9],"key":[10,19],"aggregation":[11],"and":[12,97,102,199],"secure":[14],"in":[15,40,83,141,170,230,251],"the":[16,33,41,64,70,95,125,142,152,155,237,246],"plain":[17],"public":[18,100],"model.":[20],"Standard":[21],"derandomization":[22],"techniques":[23],"discrete":[25],"logarithm-based":[26],"signatures":[27,62],"such":[28],"as":[29,49,90,145,147,179,207],"RFC~6979,":[30],"make":[32],"signing":[34,135,156,168],"procedure":[35],"immune":[36],"to":[37,47,114,150,215],"catastrophic":[38],"failures":[39,140],"randomness":[42,143],"generation,":[43],"are":[44],"not":[45],"applicable":[46],"multi-signatures":[48,185],"an":[50,54,164,201,208],"attacker":[51],"could":[52],"trick":[53],"honest":[55],"user":[56],"into":[57],"producing":[58],"two":[59,174],"different":[60],"partial":[61],"with":[63,130],"same":[65],"randomness,":[66],"would":[68],"reveal":[69],"user's":[71],"secret":[72],"key.":[73],"In":[74],"this":[75,205],"paper,":[76],"we":[77,121,192],"propose":[78],"variant":[80],"of":[81,94,154,177,204,239],"signers":[85],"generate":[86],"their":[87,115],"nonce":[88],"deterministically":[89],"pseudorandom":[92,197],"function":[93,198,206],"message":[96],"all":[98,182],"signers'":[99],"keys":[101],"prove":[103],"that":[104],"they":[105],"did":[106],"so":[107],"by":[108,181,242],"providing":[109],"non-interactive":[111],"zero-knowledge":[112,220],"proof":[113,221],"cosigners.":[116],"The":[117],"resulting":[118],"scheme,":[119],"call":[122],"MuSig-DN,":[123],"first":[126],"deterministic":[131],"signing.":[132],"Therefore":[133],"its":[134],"protocol":[136],"robust":[138],"against":[139],"generation":[144],"well":[146],"attacks":[148],"trying":[149],"exploit":[151],"statefulness":[153],"procedure,":[157],"e.g.,":[158,233],"virtual":[159],"machine":[160],"rewinding":[161],"attacks.":[162],"As":[163],"additional":[165],"benefit,":[166],"session":[169],"MuSig-DN":[171,217],"requires":[172],"only":[173],"rounds":[175],"instead":[176],"three":[178],"required":[180],"previous":[183],"including":[186],"MuSig.":[187],"To":[188],"instantiate":[189],"our":[190,240],"construction,":[191],"identify":[193],"suitable":[195],"algebraic":[196],"provide":[200],"efficient":[202],"implementation":[203],"arithmetic":[209,224],"circuit.":[210],"This":[211],"makes":[212],"it":[213,244],"possible":[214],"realize":[216],"efficiently":[218],"using":[219],"frameworks":[222],"circuits":[225],"support":[227],"inputs":[228],"given":[229],"Pedersen":[231],"commitments,":[232],"Bulletproofs.":[234],"We":[235],"demonstrate":[236],"practicality":[238],"technique":[241],"implementing":[243],"secp256k1":[247],"elliptic":[248],"curve":[249],"used":[250],"Bitcoin.":[252]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}