It's the first of its kind (as prior works were restricted to the two-party case) and achieves complexity (round and communication) comparable to FROST! It's also fully implemented in Rust.

The paper has been accepted to ACM CCS 2025, where I'll be attending later this year, but is also now on IACR! https://eprint.iacr.org/2025/1666

This is based off the design I first sketched almost two years ago, and my wonderful coauthors were able to help formalize and then prove!

I will caveat our protocol does not support preprocessing, so when presigning, it has a higher round complexity than FROST. This may solely be a gap in the security proofs though, not the protocol itself, per https://eprint.iacr.org/2021/1449.

The implementation in Rust is bespoke, heavily taking advantage of RustCrypto's amazing crypto-bigint library (https://github.com/RustCrypto/crypto-bigint). Benchmarks are included in the paper!

I'm happy to answer any questions as well! Truly a great journey.

*All participants have to verify all other participants' messages and introducing a coordinator who performs aggregations would require a non-trivial ZK proof. This should be compared to uncoordinated FROST without presigning. Sorry for the mistake which overstepped our claims.
0 sats \ 0 replies \ @nitter 5h
https://xcancel.com/kayabaNerve/status/1968291610304888916