Thresholdizing HashEdDSA: MPC to the Rescue

Abstract

Following recent comments in a NIST document related to threshold cryptographic standards, we examine the case of thresholdizing the HashEdDSA signature scheme. This is a deterministic signature scheme based on Edwards elliptic curves. Unlike DSA, it has a Schnorr-like signature equation, which is an advantage for threshold implementations, but it has the disadvantage of having the ephemeral secret obtained by hashing the secret key and the message. We show that one can obtain relatively efficient implementations of threshold HashEdDSA with no modifications to the behaviour of the signing algorithm; we achieve this using a doubly authenticated bit (daBit) generation protocol tailored for \(\mathcal {Q}_2\) access structures that is more efficient than prior work. However, if one was to modify the standard algorithm to use an MPC-friendly hash function, such as Rescue, the performance becomes very fast indeed.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11

Notes

  1. 1.

    Standard TLS satisfies the properties we need for our secure channels.

  2. 2.

    Note other methodologies can reduce the total number of rounds or the total number of multiplications, i.e. when considering online and offline phases as one.

  3. 3.

    We note this is a conservative choice since taking \(c=1\) is possible due to us having \(q \approx 2^{2 \cdot \kappa }\).

References

  1. 1.

    Aly, A., Ashur, T., Ben-Sasson, E., Dhooghe, S., Szepieniec, A.: Design of symmetric-key primitives for advanced cryptographic protocols. Cryptology ePrint Archive, Report 2019/426 (2019). https://eprint.iacr.org/2019/426

  2. 2.

    Araki, T., Barak, A., Furukawa, J., Lichter, T., Lindell, Y., Nof, A., Ohara, K., Watzman, A., Weinstein, O.: Optimized honest-majority MPC for malicious adversaries—breaking the 1 billion-gate per second barrier. In: 2017 IEEE Symposium on Security and Privacy, San Jose, May 22–26, pp. 843–862. IEEE Computer Society Press (2017)

  3. 3.

    Aly, A., Cong, K., Cozzo, D., Keller, M., Orsini, E., Rotaru, D., Scherer, O., Scholl, P., Smart, N.P., Tanguyu, T., Wood, T.: SCALE and MAMBA documentation, v1.10 (2020)

  4. 4.

    Albrecht, M.R., Grassi, L., Rechberger, C., Roy, A., Tiessen, T.: MiMC: efficient encryption and cryptographic hashing with minimal multiplicative complexity. In: Cheon, J.H., Takagi, T. (eds.) Advances in Cryptology—ASIACRYPT 2016, Part I, Volume 10031 of Lecture Notes in Computer Science, Hanoi, Vietnam, December 4–8, pp. 191–219. Springer, Heidelberg (2016)

  5. 5.

    Abdelrahaman, A., Orsini, E., Rotaru, D., Smart, N.P., Wood, T.: Zaphod: efficiently combining LSSS and garbled circuits in SCALE. In: Brenner, M., Lepoint, T., Rohloff, K. (eds.) Proceedings of the 7th ACM Workshop on Encrypted Computing and Applied Homomorphic Cryptography, WAHC@CCS 2019, London, Nov 11–15, 2019, pp. 33–44. ACM (2019)

  6. 6.

    Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. In: Oswald, E., Fischlin, M. (eds.) Advances in Cryptology—EUROCRYPT 2015, Part I, Volume 9056 of Lecture Notes in Computer Science, Sofia, April 26–30, pp. 430–454. Springer, Heidelberg (2015)

  7. 7.

    Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y.: High-speed high-security signatures. In: Preneel, B., Takagi, T. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2011, Volume 6917 of Lecture Notes in Computer Science, Nara, Sept 28–Oct 1, pp. 124–142. Springer, Heidelberg (2011)

  8. 8.

    Bendlin, R., Damgård, I., Orlandi, C., Zakarias, S.: Semi-homomorphic encryption and multiparty computation. In: Paterson, K.G. (ed.) Advances in Cryptology—EUROCRYPT 2011, Volume 6632 of Lecture Notes in Computer Science, Tallinn, May 15–19, pp. 169–188. Springer, Heidelberg (2011)

  9. 9.

    Brandao, L.T.A.N., Davidson, M., Vassilev, A.: NIST 8214A (draft): Towards NIST standards for threshold schemes for cryptographic primitives: a preliminary roadmap (2019). https://csrc.nist.gov/publications/detail/nistir/8214a/draft

  10. 10.

    Bernstein, D.J., Josefsson, S., Lange, T., Schwabe, P., Yang, B.-Y.: EdDSA for more curves. Cryptology ePrint Archive, Report 2015/677 (2015). http://eprint.iacr.org/2015/677

  11. 11.

    Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols (extended abstract). In: 20th Annual ACM Symposium on Theory of Computing, Chicago, May 2–4, pp. 11–19. ACM Press (1988)

  12. 12.

    Castagnos, G., Catalano, D., Laguillaumie, F., Savasta, F., Tucker, I.: Bandwidth-efficient threshold EC-DSA. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020: 23rd International Conference on Theory and Practice of Public Key Cryptography, Part II, Volume 12111 of Lecture Notes in Computer Science, Edinburgh, May 4–7, pp. 266–296. Springer, Heidelberg (2020)

  13. 13.

    Cogliati, B., Dodis, Y., Katz, J., Lee, J., Steinberger, J.P., Thiruvengadam, A., Zhang, Z.: Provable security of (tweakable) block ciphers based on substitution-permutation networks. In: Shacham, H., Boldyreva, A. (eds.) Advances in Cryptology—CRYPTO 2018, Part I, Volume 10991 of Lecture Notes in Computer Science, Santa Barbara, Aug 19–23, pp. 722–753. Springer, Heidelberg (2018)

  14. 14.

    Chida, K., Genkin, D., Hamada, K., Ikarashi, D., Kikuchi, R., Lindell, Y., Nof A.: Fast large-scale honest-majority MPC for malicious adversaries. In: Shacham, H., Boldyreva, A. (eds.) Advances in Cryptology—CRYPTO 2018, Part III, Volume 10993 of Lecture Notes in Computer Science, Santa Barbara, Aug 19–23, pp. 34–64. Springer, Heidelberg (2018)

  15. 15.

    Damgård, I., Jakobsen, T.P., Nielsen, J.B., Pagter, J.I., Østergaard, M.B.: Fast threshold ECDSA with honest majority. In: Galdi, C., Kolesnikov, V. (eds.) SCN 20: 12th International Conference on Security in Communication Networks, Volume 12238 of Lecture Notes in Computer Science, Amalfi, Sept 14–16, pp. 382–400. Springer, Heidelberg (2020)

  16. 16.

    Damgård, I., Koprowski, M.: Practical threshold RSA signatures without a trusted dealer. In: Pfitzmann, B. (ed.) Advances in Cryptology—EUROCRYPT 2001, Volume 2045 of Lecture Notes in Computer Science, Innsbruck, May 6–10, pp. 152–165. Springer, Heidelberg (2001)

  17. 17.

    Doerner, J., Kondi, Y., Lee, E., Shelat, A.: Secure two-party threshold ECDSA from ECDSA assumptions. In: 2018 IEEE Symposium on Security and Privacy, San Francisco, May 21–23, pp. 980–997. IEEE Computer Society Press (2018)

  18. 18.

    Dalskov, A.P.K., Orlandi, C., Keller, M., Shrishak, K., Shulman, H.: Securing DNSSEC keys via threshold ECDSA from generic MPC. In: Chen, L., Li, N., Liang, K., Schneider, S.A. (eds.) ESORICS 2020: 25th European Symposium on Research in Computer Security, Part II, Volume 12309 of Lecture Notes in Computer Science, Guildford, Sept 14–18, pp. 654–673. Springer, Heidelberg (2020)

  19. 19.

    Damgård, I., Pastro, V., Smart, N.P., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) Advances in Cryptology—CRYPTO 2012, Volume 7417 of Lecture Notes in Computer Science, Santa Barbara, Aug 19–23, pp. 643–662. Springer, Heidelberg (2012)

  20. 20.

    Gennaro, R., Goldfeder, S.: Fast multiparty threshold ECDSA with fast trustless setup. In: Lie, D., Mannan, M., Backes, M., Wang, X.F. (eds.) ACM CCS 2018: 25th Conference on Computer and Communications Security, Toronto, Oct 15–19, pp. 1179–1194. ACM Press (2018)

  21. 21.

    Gennaro, R., Goldfeder, S., Narayanan, A.: Threshold-optimal DSA/ECDSA signatures and an application to bitcoin wallet security. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 16: 14th International Conference on Applied Cryptography and Network Security, Volume 9696 of Lecture Notes in Computer Science, Guildford, June 19–22, pp. 156–174. Springer, Heidelberg (2016)

  22. 22.

    Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust threshold DSS signatures. In: Maurer, U.M. (ed.) Advances in Cryptology—EUROCRYPT’96, Volume 1070 of Lecture Notes in Computer Science, Saragossa, May 12–16, pp. 354–371. Springer, Heidelberg (1996)

  23. 23.

    Grassi, L., Kales, D., Khovratovich, D., Roy, A., Rechberger, C., Schofnegger, M.: Starkad and poseidon: new hash functions for zero knowledge proof systems. Cryptology ePrint Archive, Report 2019/458 (2019). https://eprint.iacr.org/2019/458

  24. 24.

    Grassi, L., Rechberger, C., Rotaru, D., Scholl, P., Smart, N.P.: MPC-friendly symmetric key primitives. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 2016: 23rd Conference on Computer and Communications Security, Vienna, Oct 24–28, pp. 430–443. ACM Press (2016)

  25. 25.

    Hirt, M., Maurer, U.M.: Player simulation and general adversary structures in perfect multiparty computation. J. Cryptol. 13(1), 31–60 (2000)

    MathSciNet  Article  Google Scholar 

  26. 26.

    Hazay, C., Scholl, P., Soria-Vazquez, E.: Low cost constant round MPC combining BMR and oblivious transfer. In: Takagi, T., Peyrin, T. (eds.) Advances in Cryptology—ASIACRYPT 2017, Part I, Volume 10624 of Lecture Notes in Computer Science, Hong Kong, Dec 3–7, pp. 598–628. Springer, Heidelberg (2017)

  27. 27.

    Keller, M.: MP-SPDZ: a versatile framework for multi-party computation. IACR Cryptology ePrint Archives, vol. 2020, p. 521 (2020)

  28. 28.

    Keller, M., Orsini, E., Scholl, P.: MASCOT: faster malicious arithmetic secure computation with oblivious transfer. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 2016: 23rd Conference on Computer and Communications Security, Vienna, Oct 24–28, pp. 830–842. ACM Press (2016)

  29. 29.

    Keller, M., Rotaru, D., Smart, N.P., Wood, T.: Reducing communication channels in MPC. In: Catalano, D., De Prisco, R. (eds.) SCN 18: 11th International Conference on Security in Communication Networks, Volume 11035 of Lecture Notes in Computer Science, Amalfi, Sept 5–7, pp. 181–199. Springer, Heidelberg (2018)

  30. 30.

    Karchmer, M., Wigderson, A.: On span programs. In: Proceedings of Structures in Complexity Theory, pp. 102–111 (1993)

  31. 31.

    Lindell, Y.: Fast secure two-party ECDSA signing. In: Katz, J., Shacham, H. (eds.) Advances in Cryptology—CRYPTO 2017, Part II, Volume 10402 of Lecture Notes in Computer Science, Santa Barbara, Aug 20–24, pp. 613–644. Springer, Heidelberg (2017)

  32. 32.

    Lindell, Y., Nof, A.: A framework for constructing fast MPC over arithmetic circuits with malicious adversaries and an honest-majority. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017: 24th Conference on Computer and Communications Security, Dallas, Oct 31–Nov 2, pp. 259–276. ACM Press (2017)

  33. 33.

    Lindell, Y., Nof, A.: Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody. In: Lie, D., Mannan, M., Backes, M., Wang, X.F. (eds.) ACM CCS 2018: 25th Conference on Computer and Communications Security, Toronto, Oct 15–19, pp. 1837–1854. ACM Press (2018)

  34. 34.

    Lindell, Y., Nof, A., Ranellucci, S.: Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody. Cryptology ePrint Archive, Report 2018/987 (2018). https://eprint.iacr.org/2018/987

  35. 35.

    Maurer, U.M.: Secure multi-party computation made simple. Discrete Appl. Math. 154(2), 370–381 (2006)

    MathSciNet  Article  Google Scholar 

  36. 36.

    MacKenzie, P.D., Reiter, M.K.: Two-party generation of DSA signatures. In: Kilian, J. (ed.) Advances in Cryptology—CRYPTO 2001, Volume 2139 of Lecture Notes in Computer Science, Santa Barbara, Aug 19–23, pp. 137–154. Springer, Heidelberg (2001)

  37. 37.

    National Institute of Standards and Technology. FIPS PUB 186-5 (Draft): Digital Signature Standard (DSS) (2019)

  38. 38.

    Rotaru, D., Smart, N.P., Stam, M.: Modes of operation suitable for computing on encrypted data. IACR Trans. Symmetric Cryptol. 2017(3), 294–324 (2017)

    Article  Google Scholar 

  39. 39.

    Rotaru, D., Smart, N.P., Tanguy, T., Vercauteren, F., Wood, T.: Actively secure setup for SPDZ. Cryptology ePrint Archive, Report 2019/1300 (2019). https://eprint.iacr.org/2019/1300

  40. 40.

    Rotaru, D., Wood, T.: MArBled circuits: mixing arithmetic and Boolean circuits with active security. In: Hao, F., Ruj, S., Gupta, S.S. (eds.) Progress in Cryptology—INDOCRYPT 2019: 20th International Conference in Cryptology in India, Volume 11898 of Lecture Notes in Computer Science, Hyderabad, Dec 15–18, pp. 227–249. Springer, Heidelberg (2019)

  41. 41.

    Shoup, V.: Practical threshold signatures. In: Preneel, B. (ed.) Advances in Cryptology—EUROCRYPT 2000, Volume 1807 of Lecture Notes in Computer Science, Bruges, May 14–18, pp. 207–220. Springer, Heidelberg (2000)

  42. 42.

    Smart, N.P., Alaoui, Y.T.: Distributing any elliptic curve based protocol. In: Albrecht, M. (ed.) 17th IMA International Conference on Cryptography and Coding, Volume 11929 of Lecture Notes in Computer Science, Oxford, Dec 16–18, pp. 342–366. Springer, Heidelberg (2019)

  43. 43.

    Smart, N.P., Wood, T.: Error detection in monotone span programs with application to communication-efficient multi-party computation. In: Matsui, M. (ed.) Topics in Cryptology—CT-RSA 2019, Volume 11405 of Lecture Notes in Computer Science, San Francisco, March 4–8, pp. 210–229. Springer, Heidelberg (2019)

Download references

Acknowledgements

The authors would like to thank Tomer Ashur, Siemen Dhooghe, Marcel Keller, Emmanuela Orsini and Dragos Rotaru for various conversations whilst the work was carried out.

Funding

This work has been supported in part by ERC Advanced Grant ERC-2015-AdG-IMPaCT, by the Defense Advanced Research Projects Agency (DARPA) and Space and Naval Warfare Systems Center, Pacific (SSC Pacific) under contract No. FA8750-19-C-0502, by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research Projects Activity (IARPA) via Contract No. 2019-1902070006, by the FWO under an Odysseus project GOH9718N, and by CyberSecurity Research Flanders with reference number VR20192203. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the ERC, ODNI, United States Air Force, IARPA, DARPA, the US Government or FWO. The US Government is authorized to reproduce and distribute reprints for governmental purposes notwithstanding any copyright annotation therein.

Author information

Affiliations

Authors

Corresponding author

Correspondence to Nigel P. Smart.

Ethics declarations

Conflict of interest

Author Bonte declares no conflict of interest. Author Smart owns stock in UnboundTech a company working in this space. Author Tanguy did a summer internship at SRI within the last 2 years

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Bonte, C., Smart, N.P. & Tanguy, T. Thresholdizing HashEdDSA: MPC to the Rescue. Int. J. Inf. Secur. (2021). https://doi.org/10.1007/s10207-021-00539-6

Download citation

Keywords

  • Threshold cryptography
  • NIST standardization
  • MPC