Fast Secure Two-Party ECDSA Signing

@inproceedings{Lindell2017FastST,
  title={Fast Secure Two-Party ECDSA Signing},
  author={Yehuda Lindell},
  booktitle={CRYPTO},
  year={2017}
}
ECDSA is a standard digital signature schemes that is widely used in TLS, Bitcoin and elsewhere. Unlike other schemes like RSA, Schnorr signatures and more, it is particularly hard to construct efficient threshold signature protocols for ECDSA (and DSA). As a result, the best-known protocols today for secure distributed ECDSA require running heavy zero-knowledge proofs and computing many large-modulus exponentiations for every signing operation. In this paper, we consider the specific case of… Expand
Secure Two-party Threshold ECDSA from ECDSA Assumptions
TLDR
This work proposes new protocols for multi-party ECDSA key-generation and signing with a threshold of two, which prove secure against malicious adversaries in the random oracle model using only the Computational Diffie-Hellman Assumption and the assumptions already implied by E CDSA itself. Expand
Fast threshold ECDSA with honest majority
ECDSA is a widely adopted digital signature standard. A number of threshold protocols for ECDSA have been developed that let a set of parties jointly generate the secret signing key and computeExpand
Fast Secure Multiparty ECDSA with Practical Distributed Key Generation and Applications to Cryptocurrency Custody
TLDR
This paper presents the first truly practical full threshold ECDSA signing protocol that has both fast signing and fast key distribution, which solves a years-old open problem, and opens the door to practical uses of threshold E CDSA signing that are in demand today. Expand
Efficient Threshold-Optimal ECDSA
This paper proposes a threshold-optimal ECDSA scheme based on the first threshold signature scheme by Gennaro et al. with efficient non-interactive signing for any t + 1 signers in the group,Expand
A Multiparty Computation Approach to Threshold ECDSA
The Elliptic Curve Digital Signature Algorithm (ECDSA) is one of the most widely used schemes in deployed cryptography. Through its applications in code and binary authentication, web security, andExpand
Threshold ECDSA from ECDSA Assumptions: The Multiparty Case
TLDR
This work proposes an extension of Doerner et al.'s scheme to arbitrary thresholds, and proves it secure against a malicious adversary corrupting up to one party less than the threshold under only the Computational Diffie-Hellman assumption in the Random Oracle model, an assumption strictly weaker than those under which ECDSA is proven. Expand
Efficient and Secure Two-Party Distributed Signing Protocol for the GOST Signature Algorithm
TLDR
This paper proposes an efficient and secure two-party distributed signing protocol for the GOST signature algorithm, a Russian cryptographic standard algorithm, that allows a single private key to two mobile devices and generate a valid signature without reconstructing the entire private key. Expand
A provable-secure and practical two-party distributed signing protocol for SM2 signature algorithm
TLDR
This paper proposes an efficient and secure two-party distributed signing protocol for the SM2 signature algorithm, mandated by the Chinese government for all electronic commerce applications and proves that the protocol is secure under nonstandard assumption. Expand
Two-Party ECDSA from Hash Proof Systems and Efficient Instantiations
TLDR
This paper generalizes Lindell’s solution using hash proof systems and results in a simulation-based security proof without resorting to non-standard interactive assumptions. Expand
Distributed signing protocol for IEEE P1363-compliant identity-based signature scheme
TLDR
This study presents the first distributed identity-based signing protocol for the global electronic commerce system, and proves that the proposed protocol is secure against a malicious adversary under the discrete logarithm and decisional Diffie–Hellman assumptions. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 36 REFERENCES
Highly-Efficient Universally-Composable Commitments based on the DDH Assumption
TLDR
This paper constructs highly efficient UC-secure commitments from the standard DDH assumption, in the common reference string model, where the latter construction has an effective additional cost of just 5 1/3 exponentiations. Expand
Using Level-1 Homomorphic Encryption to Improve Threshold DSA Signatures for Bitcoin Wallet Security
TLDR
Recently Gennaro et al. (ACNS ’16) presented a threshold-optimal signature algorithm for DSA that requires six rounds which is already an improvement over the eight rounds of the classic threshold DSA of Gennario et al (Eurocrypt ’99) (which is not threshold optimal). Expand
Threshold-Optimal DSA/ECDSA Signatures and an Application to Bitcoin Wallet Security
TLDR
This paper presents the first general threshold DSA scheme that does not require an honest majority and is useful for securing Bitcoin wallets, and presents a compelling application to use the scheme: securingBitcoin wallets. Expand
Efficient Secure Two-Party Protocols: Techniques and Constructions
The authors present a comprehensive study of efficient protocols and techniques for secure two-party computation both general constructions that can be used to securely compute any functionality, andExpand
Analysis and Improvement of Lindell's UC-Secure Commitment Schemes
TLDR
This work modifications the proof of the original paper and presents a more efficient commitment scheme secure in the UC framework, with the same level of security as Lindell's protocol: adaptive corruptions, with erasures. Expand
A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System
We propose a generalisation of Paillier's probabilistic public key system, in which the expansion factor is reduced and which allows to adjust the block length of the scheme even after the public keyExpand
Two-Party Generation of DSA Signatures
We describe a means of sharing the DSA signature function, so that two parties can efficiently generate a DSA signature with respect to a given public key but neither can alone. We focus on a certainExpand
Universally composable security: a new paradigm for cryptographic protocols
  • R. Canetti
  • Computer Science
  • Proceedings 2001 IEEE International Conference on Cluster Computing
  • 2001
TLDR
It is shown how to formulate universally composable definitions of security for practically any cryptographic task, and it is demonstrated that practically any such definition can be realized using known techniques, as long as only a minority of the participants are corrupted. Expand
Improving Practical UC-Secure Commitments Based on the DDH Assumption
At Eurocrypt 2011, Lindell presented practical static and adaptively UC-secure commitment schemes based on the DDH assumption. Later, Blazy eti¾?al. at ACNS 2013 improved the efficiency of theExpand
Security and Composition of Multiparty Cryptographic Protocols
  • R. Canetti
  • Computer Science, Mathematics
  • Journal of Cryptology
  • 2000
TLDR
In the computational model, this work provides the first definition of security of protocols that is shown to be preserved under composition, and follows the general paradigm of known definitions. Expand
...
1
2
3
4
...