Chelsea Komlo

@chelseakomlo.bsky.social

(Real world) Cryptographer. chelseakomlo.com for more info.

1,041 Followers  |  113 Following  |  102 Posts  |  Joined: 19.04.2023  |  1.7274

Latest posts by chelseakomlo.bsky.social on Bluesky

On the Adaptive Security of Key-Unique Threshold Signatures Abstract not available.

I’m at SBC and Simon’s for the next week, looking forward to seeing everyone!

Will be giving a talk on Thursday at Simon’s on our recent impossibility results on the adaptive security of threshold signatures- simons.berkeley.edu/talks/chelse...

03.08.2025 13:08 — 👍 3    🔁 0    💬 0    📌 0

Thank you!! Wow you are lucky

15.01.2025 04:46 — 👍 0    🔁 0    💬 0    📌 0

2025: started out with Covid, got better, then relapsed into Covid 🤦‍♀️

15.01.2025 00:39 — 👍 1    🔁 0    💬 2    📌 0

Back to blue sky and happy new year!!!

04.01.2025 16:31 — 👍 12    🔁 0    💬 0    📌 0
RFC 9591: The Flexible Round-Optimized Schnorr Threshold (FROST) Protocol for Two-Round Schnorr Signatures This document specifies the Flexible Round-Optimized Schnorr Threshold (FROST) signing protocol. FROST signatures can be issued after a threshold number of entities cooperate to compute a signature, ...

After 3 years & 12 drafts, the RFC for FROST is complete! We hope this makes implementing FROST easier with fewer bugs 🐛

Thank you to everyone who helped by reviewing FROST security, submitting comments, and implementing the draft, this was a team effort 🙌💪

www.rfc-editor.org/rfc/rfc9591....

06.07.2024 14:05 — 👍 11    🔁 5    💬 0    📌 0

Awesome! Added to the list for next year :)

03.06.2024 15:05 — 👍 0    🔁 0    💬 0    📌 0

In Croatia? Have fun!! Hopefully I’ll make it one day 🤞

01.06.2024 15:54 — 👍 0    🔁 0    💬 1    📌 0

There's a mergesort step on page 12 that is costed at N log N. So I don't think this improves on Sam Jaques' eprint 2024/080 from a theoretical perspective. Nice implementation work though!

20.05.2024 16:25 — 👍 4    🔁 3    💬 0    📌 0
Donate Used Eclipse Glasses | Eclipse Glasses USA Not sure what to do with your used eclipse glasses now that the October 2023 eclipse has passed? Donate them to Eclipse Glasses USA. We will send them to school children in other countries for those c...

Consider donating your eclipse glasses to Eclipse Glasses USA so schoolchildren in South America can use them in October. eclipse23.com/pages/donate...

08.04.2024 20:49 — 👍 939    🔁 744    💬 7    📌 15
Episode 318: Threshold Signature Schemes & FROST with Chelsea Komlo - ZK Podcast In this week’s episode, Anna and Nico chat with Chelsea Komlo, Chief Scientist for the Zcash Foundation and member of the Cryptography, Security, and Privacy lab at the University of Waterloo. They d...

First podcast, check it out! :) zeroknowledge.fm/318-2/

05.04.2024 01:13 — 👍 12    🔁 5    💬 0    📌 0
Facebook snooped on users' Snapchat traffic in secret project, documents reveal | TechCrunch A secret program called

This is jaw-dropping, wild news and should be criminal

techcrunch.com/2024/03/26/f...

01.04.2024 00:19 — 👍 6    🔁 2    💬 0    📌 0

It's not a choice of one or the other.

Use the appendix, as an author, to make reviewers see the value of sticky reviews and make them more likely to ask chairs to turn them on!

31.03.2024 12:55 — 👍 2    🔁 1    💬 1    📌 0

Good point!

31.03.2024 18:02 — 👍 0    🔁 0    💬 0    📌 0

If you are on a PC for an IACR conference, consider reaching out to the PC chairs to request “sticky reviews”, to allow reviews from prior submissions to IACR conferences to be visible! Let’s make science better! 💪

30.03.2024 20:25 — 👍 6    🔁 3    💬 0    📌 0

It is good to know you feel this way, as a potential future book-writer :)

30.03.2024 19:41 — 👍 1    🔁 0    💬 0    📌 0

Will do! Thanks Nigel 🙏

30.03.2024 18:20 — 👍 1    🔁 0    💬 1    📌 0

Well, I would like this feature as a reviewer :)

30.03.2024 18:10 — 👍 0    🔁 0    💬 1    📌 0

Great to hear this is possible!! So it is just a matter of promoting it to be more of the norm 🤔

30.03.2024 18:03 — 👍 2    🔁 0    💬 1    📌 0

I wish conferences asked papers to submit feedback received from prior submission attempts and a discussion of how the authors improved the paper since then… so much context is lost between submission attempts across different venues

30.03.2024 17:04 — 👍 7    🔁 1    💬 1    📌 0

Thanks for the amazing time #RealWorldCrypto, fantastic talks and conversations as always! See you next year in Europe :)

29.03.2024 15:55 — 👍 8    🔁 0    💬 0    📌 0

Changing my job title to “fancy cryptographer” thanks #RealWorldCrypto

25.03.2024 15:11 — 👍 18    🔁 2    💬 1    📌 0
Abstract. Threshold Schnorr signatures are seeing increased adoption in practice, and offer practical defenses against single points of failure. However, one challenge with existing randomized threshold Schnorr signature schemes is that signers must carefully maintain secret state across signing rounds, while also ensuring that state is deleted after a signing session is completed. Failure to do so will result in a fatal key-recovery attack by re-use of nonces.

While deterministic threshold Schnorr signatures that mitigate this issue exist in the literature, all prior schemes incur high complexity and performance overhead in comparison to their randomized equivalents. In this work, we seek the best of both worlds; a deterministic and stateless threshold Schnorr signature scheme that is also simple and efficient.

Towards this goal, we present Arctic, a lightweight two-round threshold Schnorr signature that is deterministic, and therefore does not require participants to maintain state between signing rounds. As a building block, we formalize the notion of a Verifiable Pseudorandom Secret Sharing (VPSS) scheme, and define Shine, an efficient VPSS construction. Shine is secure when the total number of participants is at least 2t − 1 and the adversary is assumed to corrupt at most t − 1; i.e., in the honest majority model.

We prove that Arctic is secure under the discrete logarithm assumption in the random oracle model, similarly assuming at minimum 2t − 1 number of signers and a corruption threshold of at most t − 1. For moderately sized groups (i.e., when n ≤ 20), Arctic is more than an order of magnitude more efficient than prior deterministic threshold Schnorr signatures in the literature. For small groups where n ≤ 10, Arctic is three orders of magnitude more efficient.

Arctic: Lightweight and Stateless Threshold Schnorr Signatures (Chelsea Komlo, Ian Goldberg) ia.cr/2024/466

22.03.2024 21:42 — 👍 5    🔁 3    💬 0    📌 0

Hi Toronto! Looking forward to seeing everyone at #RealWorldCrypto 🇨🇦

21.03.2024 00:30 — 👍 4    🔁 0    💬 0    📌 0

I was asked today what the upper bound is on number of signers in threshold signature schemes used in practice today and I didn’t have a good answer…

I’m assuming consensus schemes are larger, but does anyone know of signing groups of > 20? That seems on the larger side

24.01.2024 22:36 — 👍 4    🔁 1    💬 0    📌 0

Apparently those leading the anti-diversity programs at US public universities believe “a healthy society requires patriarchy”- why in 2023 are women with voices and brains considered to be such a threat www.nytimes.com/interactive/...

22.01.2024 11:03 — 👍 4    🔁 2    💬 0    📌 0

I wish there was more of a culture in cryptography of reaching out to authors to carefully double check claims before writing these claims in reviews or related work.

I’ve seen *big* mistakes made- eg, by a reviewer that said my summary of my own prior work was wrong 🙃

20.01.2024 15:45 — 👍 4    🔁 0    💬 0    📌 0

I did this. Please do this; if you are a person who can get pregnant, have them on hand. I used AidAccess.org. I have a vision for care access where people can ask other people for abortion pills the way we call out for tampons in a public restroom. Though I suppose not in a *public* restroom.

02.01.2024 17:14 — 👍 125    🔁 74    💬 4    📌 3

Misuse resistant cryptography, but more. I want to see takes on it from more fields, like what do data centers need from it?

30.12.2023 16:48 — 👍 1    🔁 1    💬 0    📌 0

Better in what ways?

30.12.2023 15:52 — 👍 0    🔁 0    💬 0    📌 0

To anyone working on real-world cryptography- what would you like to see more of in cryptography research for 2024?

Readable papers? Performance measurements? Accounting for specific failure cases? More PQ? Acceptance of non-standard assumptions? Solving certain problems?

30.12.2023 15:14 — 👍 8    🔁 4    💬 4    📌 0
