
Fast Threshold ECDSA with Honest Majority

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12238)

Abstract

ECDSA is a widely adopted digital signature standard. A number of threshold protocols for ECDSA have been developed that let a set of parties jointly generate the secret signing key and compute signatures, without ever revealing the signing key. Threshold protocols for ECDSA have seen recent interest, in particular due to the need for additional security in cryptocurrency wallets where leakage of the signing key is equivalent to an immediate loss of money.

We propose a threshold ECDSA protocol secure against an active adversary in the honest majority model with abort. Our protocol is efficient in terms of both computation and bandwidth usage, and it allows the parties to pre-process parts of the signature, such that once the message to sign becomes known, they can compute a secret sharing of the signature very efficiently, using only local operations. We also show how to obtain fairness in the online phase at the cost of some additional work in the pre-processing, i.e., such that the protocol either aborts during the pre-processing phase, in which case nothing is revealed, or the signature is guaranteed to be delivered to all honest parties.
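
The pre-processing structure described in the abstract can be illustrated with a small stand-alone Python sketch; this is an added example, not the paper's protocol or code. It replaces the paper's interactive pre-processing with a hypothetical trusted dealer that publishes r from R = kG and deals Shamir shares of k^-1 and k^-1·x over secp256k1, so that once the message is known each party's share of s is a local linear combination of its pre-processed shares; the reconstruction call stands in for the parties opening s, and the honest-majority setting is modelled as n = 2t+1 with t+1 shares sufficing.

```python
import hashlib, math, secrets
# secp256k1 domain parameters (public constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
H = lambda msg: int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def ec_add(A, B):  # affine point addition; None is the point at infinity
    if A is None or B is None: return A or B
    if A[0] == B[0] and (A[1] + B[1]) % P == 0: return None
    lam = (3 * A[0] * A[0] * pow(2 * A[1], -1, P) if A == B
           else (B[1] - A[1]) * pow(B[0] - A[0], -1, P)) % P
    x = (lam * lam - A[0] - B[0]) % P
    return (x, (lam * (A[0] - x) - A[1]) % P)

def ec_mul(k, A):  # double-and-add scalar multiplication (demo only: not constant-time)
    R = None
    while k:
        if k & 1: R = ec_add(R, A)
        A, k = ec_add(A, A), k >> 1
    return R
def share(secret, t, n):  # Shamir: evaluate a random degree-t polynomial over Z_q at 1..n
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t)]
    return {i: sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q for i in range(1, n + 1)}
def reconstruct(shares):  # Lagrange interpolation at 0 from any t+1 shares
    lam = lambda i: math.prod(-j * pow((i - j) % Q, -1, Q) for j in shares if j != i) % Q
    return sum(y * lam(i) for i, y in shares.items()) % Q
def preprocess(x, t, n):
    # Stand-in for the paper's interactive pre-processing (hypothetical trusted
    # dealer): publish r from R = kG and deal shares of w = k^-1 and u = k^-1 * x.
    k = secrets.randbelow(Q - 1) + 1
    w = pow(k, -1, Q)
    return ec_mul(k, G)[0] % Q, share(w, t, n), share(w * x % Q, t, n)

def online_sign(msg, r, w_shares, u_shares, signers):
    # Online phase: a share of s = k^-1 (H(m) + r x) is a local linear combination
    # of the pre-processed shares, so no interaction is needed until s is opened.
    e = H(msg)
    return r, reconstruct({i: (w_shares[i] * e + r * u_shares[i]) % Q for i in signers})

def ecdsa_verify(pub, msg, r, s):  # standard ECDSA verification
    v = pow(s, -1, Q)
    X = ec_add(ec_mul(H(msg) * v % Q, G), ec_mul(r * v % Q, pub))
    return X is not None and X[0] % Q == r

def demo(msg=b"constructed sample message", t=1, n=3):  # n = 2t+1: honest majority
    x = secrets.randbelow(Q - 1) + 1                # signing key, never reconstructed
    r, w_sh, u_sh = preprocess(x, t, n)             # done before msg is known
    sig = online_sign(msg, r, w_sh, u_sh, [1, 3])   # any t+1 parties suffice
    return ecdsa_verify(ec_mul(x, G), msg, *sig)
```

Note that `preprocess` deals shares of the product k^-1·x directly; in the paper this product must be computed by the parties without anyone learning x, which is where the pre-processing cost and the fairness mechanism lie.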


Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Aarhus University, Aarhus, Denmark
  2. Sepior, Aarhus, Denmark
