Digital signatures are a fundamental building block of any modern cryptographic system. In a digital signature scheme, each party P holds a secret key sk which it can use to create a signature s on a message m. Anyone can then verify s using a matching public key pk. The crucial property of a digital signature scheme is its unforgeability: as long as P does not reveal sk, it should be infeasible to create a signature that verifies with respect to pk (for anyone besides P). A particularly appealing type of digital signature scheme is one that allows multiple parties to jointly generate a compact signature s on a message m. Here, compact means that the resulting signature s is not larger than if a single party signs m. Signatures with joint signature generation have wide-ranging and important applications that include storage efficiency and secure randomness generation. The goal of this project is to reassess the provable security guarantees of such schemes in real-world settings. We find that, despite being an active research area, many proposed constructions provide unsatisfactory security guarantees in practice: Some rely on non-standard cryptographic hardness assumptions or are secure only under unrealistic network assumptions. Others consider restricted adversaries which do not accurately reflect real-world scenarios. Our goals are to: (1) advance the theoretical understanding of these important cryptographic primitives (2) design novel constructions with stronger security properties and better efficiency (3) give rigorous security analyses for new and existing constructions in realistic security models.

DFG Programme Research Grants