Verifiable Timed Signatures Made Practical

A verifiable timed signature (VTS) scheme allows one to time-lock a signature on a known message for a given amount of time T such that after performing a sequential computation for time T anyone can extract the signature from the time-lock. Verifiability ensures that anyone can publicly check if a time-lock contains a valid signature on the message without solving it first, and that the signature can be obtained by solving the same for time T. This work formalizes VTS, presents efficient constructions compatible with BLS, Schnorr, and ECDSA signatures, and experimentally demonstrates that these constructions can be employed in practice. On a technical level, we design an efficient cut-and-choose protocol based on the homomorphic time-lock puzzles to prove the validity of a signature encapsulated in a time-lock puzzle. We also present a new efficient range proof protocol that significantly improves upon existing proposals in terms of the proof size, and is also of independent interest. While VTS is a versatile tool with numerous existing applications, we demonstrate VTS's applicability to resolve three novel challenging issues in the space of cryptocurrencies. Specifically,we show how VTS is the cryptographic cornerstone to construct:(i) Payment channel networks with improved on-chain unlinkability of users involved in a transaction, (ii) multi-party signing of transactions for cryptocurrencies without any on-chain notion oftime and (iii) cryptocurrency-enabled fair multi-party computation protocol.

[1]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[2]  Yannick Seurin,et al.  Simple Schnorr multi-signatures with applications to Bitcoin , 2019, Designs, Codes and Cryptography.

[3]  Tim Ruffing,et al.  Omniring: Scaling Private Payments Without Trusted Setup , 2019, CCS.

[4]  Stefan Dziembowski,et al.  Efficient Zero-Knowledge Contingent Payments in Cryptocurrencies Without Scripts , 2016, ESORICS.

[5]  Radhika Mittal,et al.  High Throughput Cryptocurrency Routing in Payment Channel Networks , 2020, NSDI.

[6]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[7]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[8]  Giulio Malavolta,et al.  Homomorphic Time-Lock Puzzles and Applications , 2019, IACR Cryptol. ePrint Arch..

[9]  B.K. Yi,et al.  Digital signatures , 2006, IEEE Potentials.

[10]  Yehuda Lindell,et al.  Fast Secure Two-Party ECDSA Signing , 2017, Journal of Cryptology.

[11]  Juan A. Garay,et al.  Timed Fair Exchange of Standard Signatures: [Extended Abstract] , 2003, Financial Cryptography.

[12]  Rosario Gennaro,et al.  Fast Multiparty Threshold ECDSA with Fast Trustless Setup , 2018, CCS.

[13]  Iddo Bentov,et al.  How to Use Bitcoin to Design Fair Protocols , 2014, CRYPTO.

[14]  Giulio Malavolta,et al.  Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability , 2019, NDSS.

[15]  Nir Bitansky,et al.  Time-Lock Puzzles from Randomized Encodings , 2016, IACR Cryptol. ePrint Arch..

[16]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[17]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[18]  Iddo Bentov,et al.  How to Use Bitcoin to Incentivize Correct Computations , 2014, CCS.

[19]  Yehuda Lindell,et al.  Fast Distributed RSA Key Generation for Semi-Honest and Malicious Adversaries , 2018, IACR Cryptol. ePrint Arch..

[20]  Juan A. Garay,et al.  Timed Fair Exchange of Standard Signatures , 2003, IACR Cryptology ePrint Archive.

[21]  Christian Hanser,et al.  Verifiably Encrypted Signatures: Security Revisited and a New Construction , 2015, ESORICS.

[22]  Rafael Pass,et al.  Two-Round and Non-Interactive Concurrent Non-Malleable Commitments from Time-Lock Puzzles , 2017, 2017 IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS).

[23]  Moni Naor,et al.  Timed Commitments , 2000, CRYPTO.

[24]  David Tse,et al.  Boomerang: Redundancy Improves Latency and Throughput in Payment-Channel Networks , 2020, Financial Cryptography.

[25]  Eike Kiltz,et al.  On the Security of Two-Round Multi-Signatures , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[26]  Yuval Ishai,et al.  How to Garble Arithmetic Circuits , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[27]  Yehuda Lindell,et al.  Fast Secure Multiparty ECDSA with Practical Distributed Key Generation and Applications to Cryptocurrency Custody , 2018, CCS.

[28]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[29]  Stefanie Roos,et al.  Splitting Payments Locally While Routing Interdimensionally , 2020, IACR Cryptol. ePrint Arch..

[30]  Pedro Moreno-Sanchez,et al.  Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks , 2019, IACR Cryptol. ePrint Arch..

[31]  Giulio Malavolta,et al.  Concurrency and Privacy with Payment-Channel Networks , 2017, IACR Cryptol. ePrint Arch..

[32]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[33]  Klaus Wehrle,et al.  Secure and anonymous decentralized Bitcoin mixing , 2018, Future Gener. Comput. Syst..

[34]  Rachid El Bansarkhani,et al.  An Efficient Lattice-Based Multisignature Scheme with Applications to Bitcoins , 2016, CANS.

[35]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[36]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[37]  Markus Jakobsson,et al.  Timed Release of Standard Digital Signatures , 2002, Financial Cryptography.

[38]  Klaus Wehrle,et al.  CoinParty: Secure Multi-Party Mixing of Bitcoins , 2015, CODASPY.

[39]  Iddo Bentov,et al.  How to Use Bitcoin to Play Decentralized Poker , 2015, CCS.

[40]  Dan Boneh,et al.  Compact Multi-Signatures for Smaller Blockchains , 2018, IACR Cryptol. ePrint Arch..

[41]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[42]  Silvio Micali,et al.  Non-Interactive Zero-Knowledge Proof Systems , 1987, CRYPTO.

[43]  Elaine Shi,et al.  Pseudonymous Secure Computation from Time-Lock Puzzles , 2014, IACR Cryptol. ePrint Arch..

[44]  OpenSSL OpenSSL : The open source toolkit for SSL/TSL , 2002 .

[45]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..