Two-Party ECDSA from Hash Proof Systems and Efficient Instantiations

ECDSA is a widely adopted digital signature standard. Unfortunately, efficient distributed variants of this primitive are notoriously hard to achieve, and known solutions often require expensive zero-knowledge proofs to deal with malicious adversaries. For the two-party case, Lindell [Lin17] recently obtained an efficient solution which, to achieve simulation-based security, relies on an interactive, non-standard assumption on Paillier's cryptosystem. In this paper we generalize Lindell's solution using hash proof systems. The main advantage of our generic method is that it yields a simulation-based security proof without resorting to non-standard interactive assumptions.
