A Trustless GQ Multi-Signature Scheme with Identifiable Abort

The Guillou-Quisquater (GQ) signature is an efficient RSA-based digital signature scheme and one of the best-known Fiat-Shamir follow-ons, owing to its simplicity. Two bottlenecks, however, hinder its adoption in industry and academia: the RSA trapdoor n = pq in the key generation phase, which forces every signer to trust whoever generated the modulus, and its high bandwidth, caused by the storage-consuming representation of RSA group elements (3072 bits per element at the 128-bit security level). In this paper, we first formalize the definition and security proof of a class-group-based GQ signature (CL-GQ), which eliminates the trapdoor in the key generation phase and improves bandwidth efficiency over RSA-based GQ. We then construct a trustless GQ multi-signature scheme from non-malleable equivocable commitments and compact non-interactive zero-knowledge proofs (NIZKs) of our own design. Compared with existing multiparty GQ, Schnorr and ECDSA schemes, our scheme offers a well-rounded performance profile: low bandwidth (no range proof or multiplication-to-addition protocol is required), few interactions (only 4 rounds in signing), provable security in the dishonest-majority model, and the identifiable abort property. A further finding is that our NIZK needs only one round thanks to the Bezout formula; the same trick also optimizes the zero-knowledge proof of a Paillier ciphertext, which greatly speeds up Yi's Blind ECDSA (AsiaCCS 2019).
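To make the two RSA-side points of the abstract concrete (the key-generation trapdoor, and the Bezout identity that gives GQ its knowledge extractor), the following is an added example of the textbook RSA-based GQ signature in its Fiat-Shamir form. It is not code from the paper and does not implement CL-GQ, the multi-signature, or the paper's NIZK; it only shows the baseline scheme the paper improves on. The Bezout step shown is the standard extractor from the GQ security proof, not the paper's one-round NIZK. All parameters are constructed toy values: the Mersenne primes are used because they are known to be prime, and the modulus is far below the 3072 bits the abstract quotes for 128-bit security.

```python
"""Textbook RSA-based Guillou-Quisquater (GQ) signatures, the RSA trapdoor
that makes key generation a trust assumption, and the Bezout-based root
extraction behind GQ's proof of security.  Added example; toy parameters."""
import hashlib
import secrets
from math import gcd

# Constructed toy parameters (NOT secure sizes).  Mersenne primes are used
# because their primality is known; V is a prime public exponent and the
# challenge space is [0, V).
P = (1 << 127) - 1
Q = (1 << 89) - 1
N = P * Q
V = (1 << 61) - 1
assert gcd(V, (P - 1) * (Q - 1)) == 1   # V-th powering is a bijection on Z_N^*


def keygen():
    """Secret x in Z_N^*, public X = x^V mod N."""
    while True:
        x = secrets.randbelow(N - 2) + 2
        if gcd(x, N) == 1:
            return x, pow(x, V, N)


def challenge(X, R, msg):
    """Fiat-Shamir challenge c = H(X, R, m) reduced into [0, V)."""
    h = hashlib.sha256(b"%d|%d|%s" % (X, R, msg)).digest()
    return int.from_bytes(h, "big") % V


def sign(x, X, msg, r=None):
    """Commit R = r^V, challenge c = H(X, R, m), respond s = r * x^c.
    `r` can be fixed only so the nonce-reuse demo below can show extraction;
    a real signer must draw a fresh random r every time."""
    if r is None:
        r = secrets.randbelow(N - 2) + 2
    R = pow(r, V, N)
    c = challenge(X, R, msg)
    s = (r * pow(x, c, N)) % N
    return c, s


def verify(X, msg, sig):
    """s^V = r^V * x^(cV) = R * X^c, so the verifier recomputes R = s^V * X^(-c)."""
    c, s = sig
    R = (pow(s, V, N) * pow(X, -c, N)) % N
    return c == challenge(X, R, msg)


def trapdoor_forge(X):
    """Whoever knows the factorisation of N (the key-generation trapdoor)
    recovers any signer's secret as X^(V^-1 mod phi(N)).  This is the trust
    assumption the abstract's class-group variant removes."""
    phi = (P - 1) * (Q - 1)
    return pow(X, pow(V, -1, phi), N)


def bezout(u, w):
    """Extended Euclid: returns (a, b) with a*u + b*w == gcd(u, w)."""
    old_r, r, old_a, a, old_b, b = u, w, 1, 0, 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_a, a = a, old_a - q * a
        old_b, b = b, old_b - q * b
    if old_r < 0:
        old_a, old_b = -old_a, -old_b
    return old_a, old_b


def extract_secret(X, c1, s1, c2, s2):
    """Knowledge extractor.  Two responses sharing R with c1 != c2 give
    (s1/s2)^V = X^(c1-c2).  Since V is prime and |c1-c2| < V, Bezout gives
    a*(c1-c2) + b*V = 1, hence x = (s1/s2)^a * X^b is the V-th root of X."""
    d = c1 - c2
    a, b = bezout(d, V)
    quot = (s1 * pow(s2, -1, N)) % N
    return (pow(quot, a, N) * pow(X, b, N)) % N


def nonce_reuse_demo(x, X):
    """Sign two messages with the same r (a signer bug) and recover x."""
    c1, s1 = sign(x, X, b"first message", r=12345)
    c2, s2 = sign(x, X, b"second message", r=12345)
    return c1 != c2 and extract_secret(X, c1, s1, c2, s2) == x


if __name__ == "__main__":
    x, X = keygen()
    print("modulus bits:", N.bit_length())
    print("verify:", verify(X, b"hello", sign(x, X, b"hello")))
    print("trapdoor recovers x:", trapdoor_forge(X) == x)
    print("nonce reuse recovers x:", nonce_reuse_demo(x, X))
```

The extractor is the same identity the GQ security proof uses after forking a prover; in practice it shows up as the nonce-reuse failure mode, which is why the multi-signature literature the abstract compares against (e.g. MuSig-DN) goes to the trouble of deterministic or verifiably fresh nonces.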

[1] Wen-Guey Tzeng et al. Optimal resilient threshold GQ signatures, 2007, Inf. Sci.

[2] Alexandra Boldyreva et al. Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-Group signature scheme, 2002.

[3] Rosario Gennaro et al. One Round Threshold ECDSA with Identifiable Abort, 2020, IACR Cryptol. ePrint Arch.

[4] Amos Fiat et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, 1986, CRYPTO.

[5] Claus-Peter Schnorr et al. Efficient signature generation by smart cards, 2004, Journal of Cryptology.

[6] Michael J. Jacobson et al. Subexponential class group computation in quadratic orders, 1999.

[7] A. Meyer et al. Introduction to Number Theory, 2005.

[8] Yannick Seurin et al. Simple Schnorr multi-signatures with applications to Bitcoin, 2019, Designs, Codes and Cryptography.

[9] Rosario Gennaro et al. Fast Multiparty Threshold ECDSA with Fast Trustless Setup, 2018, CCS.

[10] 曾贵华 et al. A Distributed Authentication Algorithm Based on GQ Signature for Mobile Ad Hoc Networks, 2006.

[11] Elaine B. Barker et al. Recommendation for Key Management Part 3: Application-Specific Key Management Guidance, 2009.

[12] Mihir Bellare et al. Multi-signatures in the plain public-Key model and a general forking lemma, 2006, CCS '06.

[13] Fabien Laguillaumie et al. Two-Party ECDSA from Hash Proof Systems and Efficient Instantiations, 2019, IACR Cryptol. ePrint Arch.

[14] Gene Itkis et al. Forward-Secure Signatures with Optimal Signing and Verifying, 2001, CRYPTO.

[15] Jean-Jacques Quisquater et al. An Identity-Based Signature Scheme with Bounded Life-Span, 1994, CRYPTO.

[16] Mihir Bellare et al. GQ and Schnorr Identification Schemes: Proofs of Security against Impersonation under Active and Concurrent Attacks, 2002, CRYPTO.

[17] K. Itakura et al. A public-key cryptosystem suitable for digital multisignatures, 1983.

[18] Abhi Shelat et al. Threshold ECDSA from ECDSA Assumptions: The Multiparty Case, 2019, IEEE Symposium on Security and Privacy (SP).

[19] Wang Hong et al. Robust threshold Guillou-Quisquater signature scheme, 2008, Wuhan University Journal of Natural Sciences.

[20] Yaokai Gan et al. 3D-Printed Guide Plate Assisted Osteochondral Transplantation for the Treatment of Large Talar Defect: Case Report and Literature Analysis, 2021.

[21] Marina Blanton et al. Secure Multiparty Computation, 2011, Encyclopedia of Cryptography and Security.

[22] Loo Keng Hua et al. Introduction to number theory, 1982.

[23] Rafail Ostrovsky et al. Sequential Aggregate Signatures and Multisignatures Without Random Oracles, 2006, EUROCRYPT.

[24] Matthew K. Franklin et al. Efficient generation of shared RSA keys, 2001, JACM.

[25] Xiao-Wei Huang et al. A Proxy Multi-Signature Scheme with Anonymous Vetoable Delegation, 2009.

[26] Rafail Ostrovsky et al. Non-interactive and non-malleable commitment, 1998, STOC '98.

[27] Wen-Guey Tzeng et al. A Threshold GQ Signature Scheme, 2003, ACNS.

[28] Mihir Bellare et al. Identity-Based Multi-signatures from RSA, 2007, CT-RSA.

[29] Ran Canetti et al. UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts, 2020, CCS.

[30] Yannick Seurin et al. MuSig-DN: Schnorr Multi-Signatures with Verifiably Deterministic Nonces, 2020, IACR Cryptol. ePrint Arch.

[31] Jean-Jacques Quisquater et al. Efficient multi-signature schemes for cooperating entities, 1993, Algebraic Coding.

[32] Dieter Gollmann et al. A New Blind ECDSA Scheme for Bitcoin Transaction Anonymity, 2019, IACR Cryptol. ePrint Arch.

[33] Ivan Damgård et al. Generic Lower Bounds for Root Extraction and Signature Schemes in General Groups, 2002, EUROCRYPT.

[34] Hugo Krawczyk et al. Robust Threshold DSS Signatures, 1996, EUROCRYPT.

[35] Fabien Laguillaumie et al. Bandwidth-efficient threshold EC-DSA, 2020, IACR Cryptol. ePrint Arch.

[36] Yannick Seurin et al. MuSig2: Simple Two-Round Schnorr Multi-Signatures, 2020, IACR Cryptol. ePrint Arch.

[37] Rafail Ostrovsky et al. Secure Multi-Party Computation with Identifiable Abort, 2014, CRYPTO.

[38] Bodo Möller et al. Security of Cryptosystems Based on Class Groups of Imaginary Quadratic Orders, 2000, ASIACRYPT.

[39] Jean-Jacques Quisquater et al. A "Paradoxical" Indentity-Based Signature Scheme Resulting from Zero-Knowledge, 1988, CRYPTO.

[40] Adam Gagol et al. Threshold ECDSA for Decentralized Asset Custody, 2020, IACR Cryptol. ePrint Arch.

[41] Yehuda Lindell et al. Fast Secure Multiparty ECDSA with Practical Distributed Key Generation and Applications to Cryptocurrency Custody, 2018, CCS.

[42] Tsz Hon Yuen et al. Compact Zero-Knowledge Proofs for Threshold ECDSA with Trustless Setup, 2021, IACR Cryptol. ePrint Arch.

[43] Johannes A. Buchmann et al. A Key Exchange System Based on Real Quadratic Fields, 1989, CRYPTO.