Abstract
A threshold signature is a special digital signature in which the N-signer share the private key x and can construct a valid signature for any subset of the included t-signer, but less than t-signer cannot obtain any information. Considering the breakthrough achievements of threshold ECDSA signature and threshold Schnorr signature, the existing threshold SM2 signature is still limited to two parties or based on the honest majority setting, there is no more effective solution for the multiparty case. To make the SM2 signature have more flexible application scenarios, promote the application of the SM2 signature scheme in the blockchain system and secure cryptocurrency wallets. This paper designs a non-interactive threshold SM2 signature scheme based on partially homomorphic encryption and zero-knowledge proof. Only the last round requires the message input, so make our scheme non-interactive, and the pre-signing process takes 2 rounds of communication to complete after the key generation. We allow arbitrary threshold t ⩽ n and design a key update strategy. It can achieve security with identifiable abort under the malicious majority, which means that if the signature process fails, we can find the failed party. Performance analysis shows that the computation and communication costs of the pre-signing process grows linearly with the parties, and it is only 1/3 of the Canetti’s threshold ECDSA (CCS’20).
Similar content being viewed by others
References
Desmedt Y. Society and group oriented cryptography: a new concept. In: Proceedings of the Advances in Cryptology. 1988, 120–127
Desmedt Y, Frankel Y. Threshold cryptosystems. In: Proceedings of the Advances in Cryptology. 1990, 307–315
ISO. ISO/IEC 14888-3:2018 IT security techniques-Digital signatures with appendix-part 3: discrete logarithm based mechanisms. Geneva, Switzerland: International Organization for Standardization, 2018
Nick J, Ruffing T, Seurin Y. MuSig2: simple two-round schnorr multi-signatures. In: Proceedings of the 41st Annual International Cryptology Conference on Advances in Cryptology. 2021, 189–221
MacKenzie P, Reiter M K. Two-party generation of DSA signatures. In: Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology. 2001, 137–154
Gennaro R, Goldfeder S, Narayanan A. Threshold-optimal DSA/ECDSA signatures and an application to bitcoin wallet security. In: Proceedings of the 14th International Conference on Applied Cryptography and Network Security. 2016, 156–174
Lindell Y. Fast secure two-party ECDSA signing. Journal of Cryptology, 2021, 34(4): 44
Doerner J, Kondi Y, Lee E, Shelat A. Secure two-party threshold ECDSA from ECDSA assumptions. In: Proceedings of 2018 IEEE Symposium on Security and Privacy (SP). 2018, 980–997
Gennaro R, Goldfeder S. Fast multiparty threshold ECDSA with fast trustless setup. In: Proceedings of 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018, 1179–1194
Pettit M. Efficient threshold-optimal ECDSA. In: Proceedings of the 20th International Conference on Cryptology and Network Security. 2021, 116–135
Canetti R, Gennaro R, Goldfeder S, Makriyannis N, Peled U. UC non-interactive, proactive, threshold ECDSA with identifiable aborts. In: Proceedings of 2020 ACM SIGSAC Conference on Computer and Communications Security. 2020, 1769–1787
Lindell Y, Nof A. Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody. In: Proceedings of 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018, 1837–1854
Shang M, Ma Y, Lin J Q, Jing J W. A threshold scheme for SM2 elliptic curve cryptographic algorithm. Journal of Cryptologic Research, 2014, 1(2): 155–166
Zhang Y, He D, Zhang M, Choo K K R. A provable-secure and practical two-party distributed signing protocol for SM2 signature algorithm. Frontiers of Computer Science, 2020, 14(3): 143803
Keller M. MP-SPDZ: a versatile framework for multi-party computation. In: Proceedings of 2020 ACM SIGSAC Conference on Computer and Communications Security. 2020, 1575–1590
Acar A, Aksu H, Uluagac A S, Conti M. A survey on homomorphic encryption schemes: theory and implementation. ACM Computing Surveys, 2019, 51(4): 79
Administration S C. Information security technology—Public key cryptographic algorithm SM2 based on elliptic curves—Part 2: Digital signature algorithm. Beijing: State Cryptography Administration, 2016
Paillier P. Public-key cryptosystems based on composite degree residuosity classes. In: Proceedings of the International Conference on Advances in Cryptology. 1999, 223–238
Tymokhanov D, Shlomovits O. Alpha-rays: key extraction attacks on threshold ECDSA implementations. IACR Cryptology ePrint Archive, 2021, 2021:1621
Gennaro R, Goldfeder S. One round threshold ECDSA with identifiable abort. IACR Cryptology ePrint Archive, 2020, 2020:540
Shamir A. How to share a secret. Communications of the ACM, 1979, 22(11): 612–613
Feldman P. A practical scheme for non-interactive verifiable secret sharing. In: Proceedings of the 28th Annual Symposium on Foundations of Computer Science. 1987, 427–438
Lindell Y. Simple three-round multiparty schnorr signing with full simulatability. IACR Cryptology ePrint Archive, 2022, 2022:374
Cramer R, Damgård I, Schoenmakers B. Proofs of partial knowledge and simplified design of witness hiding protocols. In: Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology. 1994, 174–187
Cohen R, Haitner I, Omri E, Rotem L. From fairness to full security in multiparty computation. Journal of Cryptology, 2022, 35(1): 4
Goldreich O. Foundations of Cryptography: Volume 2, Basic Applications. Cambridge: Cambridge University Press, 2009
Canetti R. Universally composable security: a new paradigm for cryptographic protocols. In: Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science. 2001, 136–145
Li X, He M. A protocol of member-join in a secret sharing scheme. In: Proceedings of the 2nd Information Security Practice and Experience. 2006, 134–141
Yu J, Kong F, Hao R, Li X. How to publicly verifiably expand a member without changing old shares in a secret sharing scheme. In: Proceedings of the IEEE ISI 2008 International Workshops on Intelligence and Security Informatics. 2008, 138–148
Castagnos G, Catalano D, Laguillaumie F, Savasta F, Tucker I. Two-party ECDSA from hash proof systems and efficient instantiations. In: Proceedings of the 39th Annual International Cryptology Conference on Advances in Cryptology. 2019, 191–221
Doerner J, Kondi Y, Lee E, Shelat A. Threshold ECDSA from ECDSA assumptions: the multiparty case. In: Proceedings of 2019 IEEE Symposium on Security and Privacy (SP). 2019, 1051–1066
Wang C, Wang D, Tu Y, Xu G, Wang H. Understanding node capture attacks in user authentication schemes for wireless sensor networks. IEEE Transactions on Dependable and Secure Computing, 2022, 19(1): 507–523
Qiu S, Wang D, Xu G, Kumari S. Practical and provably secure three-factor authentication protocol based on extended chaotic-maps for mobile lightweight devices. IEEE Transactions on Dependable and Secure Computing, 2022, 19(2): 1338–1351
Wang Q, Wang D, Cheng C, He D. Quantum2FA: efficient quantum-resistant two-factor authentication scheme for mobile devices. IEEE Transactions on Dependable and Secure Computing, 2021, doi: https://doi.org/10.1109/TDSC.2021.3129512
Li Z, Wang D, Morais E. Quantum-safe round-optimal password authentication for mobile devices. IEEE Transactions on Dependable and Secure Computing, 2022, 19(3): 1885–1899
Author information
Authors and Affiliations
Corresponding author
Additional information
Huiqiang Liang is currently pursing his MS degree at School of Mathematics and Statistics, Wuhan University, China. His main research interests include cryptography and information security and SMPC.
Jianhua Chen received the MS and PhD degrees from School of Mathematics and Statistics, Wuhan University, China in 1989 and 1994, respectively. He is currently a professor of the Applied Mathematics Department, Wuhan University, China. His current research interests include number theory, information security, and network security.
Electronic Supplementary Material
Rights and permissions
About this article
Cite this article
Liang, H., Chen, J. Non-interactive SM2 threshold signature scheme with identifiable abort. Front. Comput. Sci. 18, 181802 (2024). https://doi.org/10.1007/s11704-022-2288-x
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11704-022-2288-x