(2026-03) Earpicks; Tightly Secure Two-Round Multi- and Threshold Signatures
2026-03-22
Multi-signatures are a fundamental cryptographic primitive in distributed systems, enabling a set of parties to jointly produce a compact signature on a common message. Of particular interest are constructions instantiated over pairing-free cyclic groups with a two-round signing protocol, as such schemes offer improved efficiency and deployability in practice. Support for key aggregation is an additional highly desirable property, allowing multiple public keys to be combined into a single succinct aggregate public key against which aggregate signatures can be verified. To improve concrete security guarantees, several works have proposed constructions with tight security reductions. However, existing tightly secure constructions have significant limitations. Notably, T-Spoon by Bacho and Wagner (Crypto 2025) is currently the only pairing-free two-round multi-signature scheme that simultaneously achieves tight security and supports key aggregation. Despite these advantages, T-Spoon incurs substantial efficiency overhead: its signatures comprise nine field elements and two group elements, resulting in prohibitively large signature sizes for many practical applications.
In this work, we introduce Earpick-MS, a tightly secure two-round multi-signature scheme over pairing-free cyclic groups that supports key aggregation while achieving compact signatures. Concretely, signatures in Earpick-MS consist of only three field elements and a single bit, thereby reducing the signature size by a factor of approximately 3.5 compared to the state-of-the-art T-Spoon construction. We further present Earpick-TS, a threshold signature variant of our scheme. Earpick-TS retains the same compact signature size and constitutes the first pairing-free two-round threshold signature scheme with a tight security proof. Prior to our work, achieving tight security in pairing-free threshold signatures required at least three rounds of interaction (Chen, PKC 2025; Bacho and Wagner, CiC 2026). Finally, we propose Earpick-muMS, an additional variant that achieves tight security in the multi-user setting while retaining the same compact signature size.