Luke Parker

75 Followers
52 Following
47 Posts

Lead Developer of @serai. Tweets rants about cryptography and cryptocurrency 🔥

(they/them)

#eprint Trout: Two-Round Threshold ECDSA from Class Groups by Hila Dahari-Garbian, Ariel Nof, Luke Parker (https://ia.cr/2025/1666)
Trout: Two-Round Threshold ECDSA from Class Groups

We present Trout (Two-ROUnd Threshold), the first distributed two-round ECDSA signing protocol for arbitrary thresholds. Trout has constant upload bandwidth per party and processing time linear in the number of participants. Moreover, Trout achieves the Identifiable Abort (IA) property, which means that if the protocol cannot terminate due to a failure, parties can attribute the failure to a specific party. We achieve this without a trusted setup. Our protocol relies on linear-homomorphic encryptions and commitments over class groups. To obtain our result, we leverage the recent construction of an exponent-VRF (Boneh et al., Eurocrypt 2025) and a novel protocol to multiply an encrypted value with a committed value and simultaneously decrypt it, which we call "scaled decryption". We believe that this protocol may be of independent interest. Our protocol has a very low communication cost of just 6.5 KB sent per party. Furthermore, we implemented our protocol in Rust and provide benchmarks for various configurations, showing its practicality even for 100 parties. Our implementation includes a constant-time variant which, to the best of our knowledge, is the first of its kind for class-group-based threshold ECDSA protocols.

IACR Cryptology ePrint Archive

Two-round threshold ECDSA with linear complexity and no trusted setup.

https://github.com/kayabaNerve/threshold-threshold-ecdsa/blob/two-round/write-up.md

#cryptography

I implemented a threshold ECDSA experiment with a feasible trustless setup and fully linear complexity. I later realized it was likely robust. I only just now realized I could trivially modify it to FROST.

https://github.com/kayabaNerve/threshold-threshold-ecdsa/tree/schnorr

Fully-linear complexity robust tSchnorr in 2 rounds, if this is correct. I have no idea if it is yet, but I presume it can be so proven (perhaps needing another round).

#cryptography #crypto

Happy new year!

3-round (2-preprocessable) threshold ECDSA signing with O(n) complexity (with identifiable aborts, without trusted setup nor a setup requiring generating additive shares of a prime number).

https://github.com/kayabaNerve/threshold-threshold-ecdsa

Don't use this. It's not secure. Seriously. As literally implemented, it only offers 40 bits of security as one proof has to be repeated and I didn't bother repeating it.

Don't use this.

... but maybe in the future use it.

This utilizes the threshold MPC over class groups described in eprint.iacr.org/2022/1437. All relations should have the necessary proofs. Accordingly, the idea of this is sane and the technology implemented is the necessary and proper backbone (no missing pieces, no novel proofs).

Accordingly, the underlying idea of a protocol may be viable for formalization into a proven protocol. The implementation could be adjusted to match, and with the right amount of polish, kick ass.

State of the art round count, fully featured, and with record complexity.

Unfortunately, I don't have the professional nor personal incentive to do more than currently done. I also am unable to write the necessary proofs.

I wrote this for fun over roughly a week and hope it may inspire someone/be the basis of further work.

For more info, please see its README.

Yes, I know the code is ugly. Yes, I know it only offers 40 bits of security right now. No, I don't claim it to be secure.

I also don't know of it being obviously/trivially broken regarding the theory. Comments welcome and appreciated :)

#cryptography

@kayaba spoke at @cakewallet's Chicago Meetup. If you want to learn more about how Serai works, check it out!

https://www.youtube.com/watch?v=xCEIcUWdUM0&t=3020s&ab_channel=CakeWallet

Monero Chicago Meetup Presentations

Ever wondered why Serai uses Schnorr signatures? Find out why in our latest blog post!

https://serai.exchange/2023/10/08/to-schnorr-or-not-to-schnorr.html

To Schnorr or Not to Schnorr

Our new site is live!

Check out https://serai.exchange to get a glimpse at what we're building.

We will also be publishing a series of articles providing an in-depth explanation of Serai over the next few weeks, as we get closer to being ready for deployment.

Serai DEX | Swap Bitcoin, Ethereum, DAI stablecoin, Monero, and more.

Have you ever considered Serai a Monero project, or focused on Monero? Read more about our stance on our blog:
https://serai.exchange/2023/10/07/is-serai-monero-focused.html
Is Serai Monero Focused?

We've published a blog post providing an overview of the system we've built. Come learn more about how Serai works and how far we've come!

https://serai.exchange/2023/10/06/how-far-weve-come.html

How Far We've Come

Our bug bounty is now live on @immunefi!

If you're a #whitehat, find bugs in our code and get paid up to $30,000.

https://immunefi.com/bounty/serai/

Serai Bug Bounties | Immunefi