Tweakable \(\mathcal{S}_\text{leeve}\): A Novel \(\mathcal{S}_\text{leeve}\) Construction Based on Tweakable Hash Functions

Conference paper. In: Mathematical Research for Blockchain Economy (MARBLE 2022)

Abstract

Recently, Chaum et al. (ACNS'21) introduced \(\mathcal{S}_\text{leeve}\), an extra security layer for signature schemes such as ECDSA. Its distinctive feature is a new key generation mechanism that lets users generate a "back-up key" securely nested inside the secret key of the signature scheme. This secret back-up key can be used to generate a "proof of ownership": only the rightful owner of the secret key can produce such a proof. The design thus offers a quantum-secure fallback, i.e., a brand-new quantum-resistant signature, ready to use, nested in the ECDSA secret key. In this work, we build on the original \(\mathcal{S}_\text{leeve}\) definition to generalize the construction to a modular design based on tweakable hash functions, yielding a cleaner design of the primitive. Furthermore, we provide a thorough security analysis that takes into account the security of the ECDSA signature scheme, which is lacking in the original work. Finally, we provide an analysis based on formal methods, using Verifpal, assuring the security guarantees our construction provides.

This work was supported by JSPS KAKENHI Grant Number JP21K11882.
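The key generation and proof of ownership summarised in the abstract, as an added example in pure Python that is not the paper's code and not the xx-labs reference implementation. It models a simplified Tweakable Sleeve: the tweakable hash Th(P, T, M) is instantiated here as SHA-256 over a public seed P, an 8-byte address tweak T and the message (an assumption; the paper builds on the SPHINCS+ notion of tweakable hashes), WOTS+ uses n = 32 bytes and w = 16 (67 chains), and the secp256k1 ECDSA secret key is derived as a hash of the WOTS+ public key, which is how the original Sleeve nests the hash-based key under the ECDSA key. The seed derivation, domain-separation labels and parameter sizes are the example's own choices, not the paper's.

```python
# Added example, not the paper's or xx-labs' code. Assumptions: Th(P, T, M) =
# SHA-256(P || T || M) with public seed P and 8-byte address tweak T; WOTS+ with
# n = 32, w = 16; ECDSA secret key x = H(P || pk_W) mod n on secp256k1.
import hashlib
import hmac

W, L1, L2 = 16, 64, 3
L = L1 + L2                                   # 67 hash chains per WOTS+ key
COMPRESS_ADDR = b"\xff" * 8                   # tweak reserved for pk compression

# secp256k1 parameters and a minimal (non-constant-time) affine point multiply
P_FIELD = 2**256 - 2**32 - 977
ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(p, q):
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None                           # point at infinity
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_FIELD) % P_FIELD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_FIELD) % P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)

def scalar_mult(k, point=G):
    r = None
    while k:
        if k & 1:
            r = _add(r, point)
        point = _add(point, point)
        k >>= 1
    return r

def th(pub_seed, tweak, msg):
    """Tweakable hash: the address tweak domain-separates every call."""
    return hashlib.sha256(pub_seed + tweak + msg).digest()

def addr(chain_idx, step):
    return chain_idx.to_bytes(4, "big") + step.to_bytes(4, "big")

def chain(pub_seed, x, chain_idx, start, steps):
    """Walk hash chain `chain_idx` for `steps` iterations beginning at `start`."""
    for s in range(start, start + steps):
        x = th(pub_seed, addr(chain_idx, s), x)
    return x

def base_w(digest):
    """64 base-16 digits of a 32-byte digest plus a 3-digit checksum."""
    digits = [d for b in digest for d in (b >> 4, b & 0xF)]
    csum = sum(W - 1 - d for d in digits)     # at most 64 * 15 = 960 < 16**3
    return digits + [(csum >> 8) & 0xF, (csum >> 4) & 0xF, csum & 0xF]

def wots_keygen(secret_seed, pub_seed):
    sk = [hmac.new(secret_seed, b"wots" + i.to_bytes(4, "big"), hashlib.sha256).digest()
          for i in range(L)]
    ends = [chain(pub_seed, sk[i], i, 0, W - 1) for i in range(L)]
    return sk, th(pub_seed, COMPRESS_ADDR, b"".join(ends))

def wots_sign(sk, pub_seed, msg):
    digits = base_w(hashlib.sha256(msg).digest())
    return [chain(pub_seed, sk[i], i, 0, digits[i]) for i in range(L)]

def wots_verify(pk, pub_seed, msg, sig):
    digits = base_w(hashlib.sha256(msg).digest())
    ends = [chain(pub_seed, sig[i], i, digits[i], W - 1 - digits[i]) for i in range(L)]
    return hmac.compare_digest(pk, th(pub_seed, COMPRESS_ADDR, b"".join(ends)))

def ecdsa_sk_from(pub_seed, pk_w):
    """The nesting step: the ECDSA scalar is a hash of the WOTS+ public key."""
    digest = hashlib.sha256(b"sleeve-ecdsa" + pub_seed + pk_w).digest()
    return int.from_bytes(digest, "big") % ORDER

def sleeve_keygen(master_seed):
    """master seed -> WOTS+ (sk_W, pk_W) -> ECDSA sk x = H(pk_W) -> ECDSA pk x*G."""
    secret_seed = hmac.new(master_seed, b"secret", hashlib.sha256).digest()
    pub_seed = hmac.new(master_seed, b"public", hashlib.sha256).digest()
    sk_w, pk_w = wots_keygen(secret_seed, pub_seed)
    x = ecdsa_sk_from(pub_seed, pk_w)         # x == 0 has negligible probability
    return {"pub_seed": pub_seed, "sk_w": sk_w, "pk_w": pk_w,
            "ecdsa_sk": x, "ecdsa_pk": scalar_mult(x)}

def prove_ownership(keys, msg):
    """Fallback: reveal the WOTS+ public key plus a one-time signature on msg."""
    return keys["pub_seed"], keys["pk_w"], wots_sign(keys["sk_w"], keys["pub_seed"], msg)

def verify_ownership(ecdsa_pk, msg, proof):
    pub_seed, pk_w, sig = proof
    x = ecdsa_sk_from(pub_seed, pk_w)
    # bind the revealed WOTS+ key to the ECDSA key, then check the hash signature
    return x != 0 and scalar_mult(x) == ecdsa_pk and wots_verify(pk_w, pub_seed, msg, sig)
```

The point of the nesting is visible in `verify_ownership`: an adversary who recovers the ECDSA scalar x (for instance by solving the discrete logarithm on a quantum computer) still has to exhibit a preimage pk_W of x under the hash and a valid WOTS+ signature under it, so knowing x alone does not let them produce the proof. Two caveats a deployment must respect: WOTS+ is a one-time scheme, so the fallback proof reveals pk_W and must be issued exactly once per key, and the curve arithmetic above is a readable textbook version, not constant time, so it is for illustration only.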

Notes

  1. For a complete list of the supported schemes, we refer the reader to the full list in [14].

References

  1. Aranha, D. F., Novaes, F. R., Takahashi, A., Tibouchi, M., & Yarom, Y. (2020). Ladderleak: Breaking ecdsa with less than one bit of nonce leakage. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (pp. 225–242). New York, NY, USA: CCS ’20, Association for Computing Machinery.

  2. Badertscher, C., Gazi, P., Kiayias, A., Russell, A., & Zikas, V. (2018). Ouroboros genesis: Composable proof-of-stake blockchains with dynamic availability. In D. Lie, M. Mannan, M. Backes, & X. Wang (Eds.), ACM CCS (pp. 913–930). ACM Press. https://doi.org/10.1145/3243734.3243848.

  3. Bernstein, D. J., Hülsing, A., Kölbl, S., Niederhagen, R., Rijneveld, J., & Schwabe, P. (2019). The SPHINCS\(^+\) signature framework. In L. Cavallaro, J. Kinder, X. Wang, & J. Katz (Eds.), ACM CCS (pp. 2129–2146). ACM Press. https://doi.org/10.1145/3319535.3363229.

  4. Palatinus, M., Rusnak, P., Voisine, A., & Bowe, S. BIP-0039: Mnemonic code for generating deterministic keys. Accessed September 10, 2021, from https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki.

  5. Mnemonic code converter. Accessed September 10, 2021, from https://iancoleman.io/bip39/.

  6. Brown, D. (2005). On the provable security of ECDSA. In I. F. Blake, G. Seroussi, & N. P. Smart (Eds.), Advances in Elliptic Curve Cryptography (pp. 21–40). London Mathematical Society Lecture Note Series, Cambridge University Press.

  7. Brown, D. R. L. (2005). Generic groups, collision resistance, and ECDSA. Designs, Codes and Cryptography, 35(1), 119–152. Springer.

  8. Chaum, D., Larangeira, M., Yaksetig, M., & Carter, W. (2021). WOTS+ up my sleeve! A hidden secure fallback for cryptocurrency wallets. In International Conference on Applied Cryptography and Network Security (ACNS) (pp. 195–219). Springer.

  9. Chen, L. (2022). Recommendation for key derivation using pseudorandom functions-revision 1. NIST special publication. Accessed February 20, 2022, from https://doi.org/10.6028/NIST.SP.800-108r1-draft.

  10. Dahmen, E., Okeya, K., Takagi, T., & Vuillaume, C. (2008). Digital signatures out of second-preimage resistant hash functions. In J. Buchmann, & J. Ding (Eds.), Post-quantum Cryptography, Second International Workshop, PQCRYPTO (pp. 109–123). Heidelberg: Springer. https://doi.org/10.1007/978-3-540-88403-3_8.

  11. David, B., Gazi, P., Kiayias, A., & Russell, A. (2018). Ouroboros praos: An adaptively-secure, semi-synchronous proof-of-stake blockchain. In: J. B. Nielsen, & V. Rijmen (Eds.), EUROCRYPT, Part II. LNCS (vol. 10821, pp. 66–98). Heidelberg: Springer. https://doi.org/10.1007/978-3-319-78375-8_3.

  12. Dolev, D., & Yao, A. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.

  13. Fersch, M., Kiltz, E., & Poettering, B. (2016). On the provable security of (EC)DSA signatures. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (pp. 1651–1662). New York, NY, USA: CCS ’16, Association for Computing Machinery.

  14. Fersch, M., Kiltz, E., & Poettering, B. (2017). On the one-per-message unforgeability of (EC)DSA and its variants. In: Y. Kalai, & L. Reyzin (Eds.), TCC 2017, Part II. LNCS (vol. 10678, pp. 519–534). Heidelberg: Springer https://doi.org/10.1007/978-3-319-70503-3_17.

  15. Golang implementation of the bip39 spec. Accessed September 10, 2021, from https://godoc.org/github.com/tyler-smith/go-bip39.

  16. Hülsing, A. (2013). W-OTS+ - shorter signatures for hash-based signature schemes. In A. Youssef, A. Nitaj, & A. E. Hassanien (Eds.), AFRICACRYPT 13. LNCS (vol. 7918, pp. 173–188). Heidelberg: Springer. https://doi.org/10.1007/978-3-642-38553-7_10.

  17. Ilie, D. I., Karantias, K., & Knottenbelt, W. J. (2020). Bitcoin crypto-bounties for quantum capable adversaries. Cryptology ePrint Archive, Paper 2020/186. https://eprint.iacr.org/2020/186.

  18. Ilie, D. I., Knottenbelt, W. J., & Stewart, I. (2020). Committing to quantum resistance, better: A speed-and-risk-configurable defence for bitcoin against a fast quantum computing attack. Cryptology ePrint Archive, Paper 2020/187. https://eprint.iacr.org/2020/187.

  19. Kiayias, A., Russell, A., David, B., & Oliynykov, R. (2017). Ouroboros: A provably secure proof-of-stake blockchain protocol. In: J. Katz, & H. Shacham (Eds.), CRYPTO 2017, Part I. LNCS (vol. 10401, pp. 357–388). Heidelberg: Springer. https://doi.org/10.1007/978-3-319-63688-7_12.

  20. Kobeissi, N. (2021). Verifpal: Cryptographic Protocol Analysis for Students and Engineers. Accessed August 5, 2021, from https://verifpal.com.

  21. Kobeissi, N., Nicolas, G., & Tiwari, M. (2020). Verifpal: Cryptographic protocol analysis for the real world. In Proceedings of the 2020 ACM SIGSAC Conference on Cloud Computing Security Workshop (p. 159). New York, NY, USA: CCSW’20, Association for Computing Machinery.

  22. Nakamoto, S. (2009). Bitcoin: A peer-to-peer electronic cash system. http://www.bitcoin.org/bitcoin.pdf.

  23. Sleeve. (2022). Accessed February 21, 2022, from https://github.com/xx-labs/sleeve/tree/main/verifpal_model.

  24. Trinity attack incident part 1: Summary and next steps. Accessed September 22, 2020, from https://blog.iota.org/trinity-attack-incident-part-1-summary-and-next-steps-8c7ccc4d81e8.

  25. Wood, G. (2014). Ethereum: A secure decentralised generalised transaction ledger. Ethereum project yellow paper, 151, 1–32.

Corresponding author: Mario Larangeira.

A High-level Diagram of the Tweakable \(\mathcal{S}_\text{leeve}\) Construction

This appendix gives a high-level diagram of the sequence of steps performed by the key generation component of the \(\mathcal{S}_\text{leeve}\) construction (Fig. 2).

Fig. 2. \(\mathcal{S}_\text{leeve}\) high-level diagram of the key generation (image not reproduced here).

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Chaum, D., Larangeira, M., & Yaksetig, M. (2023). Tweakable \(\mathcal{S}_\text{leeve}\): A Novel \(\mathcal{S}_\text{leeve}\) Construction Based on Tweakable Hash Functions. In: Pardalos, P., Kotsireas, I., Guo, Y., & Knottenbelt, W. (Eds.), Mathematical Research for Blockchain Economy. MARBLE 2022. Lecture Notes in Operations Research. Springer, Cham. https://doi.org/10.1007/978-3-031-18679-0_10
