A multi-signature scheme aggregates signatures from multiple users on the same message into a joint signature. It is widely applied in blockchains to reduce the share of each block taken up by signatures and to improve transaction throughput. $k$-sum attacks are one of the major challenges in designing secure multi-signature schemes. In this work, we address $k$-sum attacks from a novel angle by defining a Public Third Party (PTP), an automatic process that can be verified by the public and that prevents the signing phase from continuing until commitments have been received from all signers. Further, we propose MEMS, a two-round multi-signature scheme with PTP, which is secure under the discrete logarithm assumption in the random oracle model. As each signer communicates directly with the PTP instead of with other co-signers, the total amount of communication is significantly reduced. In addition, as the PTP participates in the computation of the aggregation and signing algorithms, the computation cost left for each signer and verifier remains the same as in the basic Schnorr signature. To the best of our knowledge, this is the maximum efficiency that a Schnorr-based multi-signature scheme can achieve. Further, MEMS is applied to a blockchain platform, e.g., Fabric, to improve transaction efficiency.
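The gating rule described in the abstract (signing does not continue until a commitment from every signer has been received), shown as an added Python example that is not the paper's MEMS construction: a generic hash-commit-then-reveal coordinator in front of a plain aggregated Schnorr signature. The `Coordinator` class, the toy group parameters, the hash encoding and the plain product of public keys are all assumptions made for illustration.

```python
import hashlib
import math
import secrets

# Toy group, constructed for illustration (far too small for real use): P = 2Q + 1, G of order Q.
P, Q, G = 2039, 1019, 4

def H(*parts):
    return int.from_bytes(hashlib.sha256("|".join(map(str, parts)).encode()).digest(), "big")

class Coordinator:
    """Hypothetical stand-in for the gate the abstract assigns to the PTP."""
    def __init__(self, signer_ids):
        self.expected = set(signer_ids)
        self.commitments, self.nonces = {}, {}

    def commit(self, sid, digest):
        if sid not in self.expected or sid in self.commitments:
            raise ValueError("unknown signer or duplicate commitment")
        self.commitments[sid] = digest

    def reveal(self, sid, R):
        # The gate: no nonce is accepted (or shown to anyone) until every
        # expected signer is already bound to a commitment.
        if set(self.commitments) != self.expected:
            raise RuntimeError("signing blocked: commitments missing")
        if H("nonce", sid, R) != self.commitments[sid]:
            raise ValueError("nonce does not match commitment")
        self.nonces[sid] = R

def run_session(msg="constructed message", ids=("s1", "s2", "s3")):
    x = {i: secrets.randbelow(Q - 1) + 1 for i in ids}   # secret keys
    r = {i: secrets.randbelow(Q - 1) + 1 for i in ids}   # secret nonces
    Rs = {i: pow(G, r[i], P) for i in ids}               # public nonces
    # Plain product of public keys: an assumption, with no rogue-key defence.
    X = math.prod(pow(G, x[i], P) for i in ids) % P
    ptp = Coordinator(ids)
    ptp.commit(ids[0], H("nonce", ids[0], Rs[ids[0]]))
    try:
        ptp.reveal(ids[0], Rs[ids[0]])
        blocked = False
    except RuntimeError:
        blocked = True   # early reveal refused: other commitments still missing
    for i in ids[1:]:
        ptp.commit(i, H("nonce", i, Rs[i]))
    for i in ids:
        ptp.reveal(i, Rs[i])
    R = math.prod(ptp.nonces.values()) % P
    c = H("challenge", X, R, msg) % Q
    s = sum(r[i] + c * x[i] for i in ids) % Q
    return blocked, pow(G, s, P) == R * pow(X, c, P) % P   # Schnorr check g^s = R * X^c
```

Because every public nonce is fixed by its commitment before any nonce is revealed, no signer can choose a nonce as a function of the others' values.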