Bandwidth-efficient threshold EC-DSA

Threshold signatures allow \(n\) parties to share the power of issuing digital signatures so that any coalition of size at least \(t+1\) can sign, whereas groups of \(t\) or fewer players cannot. Over the last few years many schemes have addressed the question of realizing efficient threshold variants for the specific case of EC-DSA signatures. In this paper we present new solutions to the problem that aim at reducing the overall bandwidth consumption. Our main contribution is a new variant of the Gennaro and Goldfeder protocol from ACM CCS 2018 that avoids all the required range proofs, while retaining provable security against malicious adversaries in the dishonest majority setting. Our experiments show that, for all levels of security, our signing protocol reduces the bandwidth consumption of the best previously known secure protocols by factors varying between 4.4 and 9, while key generation is consistently two times less expensive. Furthermore, compared to these same protocols, our signature generation is faster for 192 bits of security and beyond.
