I spoke with the main authors of this paper https://eprint.iacr.org/2018/417.pdf
They told that there is follow-up work breaking schnorr base CoSi (able to forge signatures if there are a few dozen CoSi rounds running concurrently)
As a result I would propose to bump the priority of swapping to BLSCoSi that is provable secure
@swarali is currently working on testing the implementation we have but she has trouble when trying to run to more than a dozen nodes
Gilthoniel
commented
5 years ago
from Lefteris:
I spoke with the main authors of this paper https://eprint.iacr.org/2018/417.pdf They told that there is follow-up work breaking schnorr base CoSi (able to forge signatures if there are a few dozen CoSi rounds running concurrently) As a result I would propose to bump the priority of swapping to BLSCoSi that is provable secure @swarali is currently working on testing the implementation we have but she has trouble when trying to run to more than a dozen nodes