Fast Secure Two-Party ECDSA Signing

  title={Fast Secure Two-Party ECDSA Signing},
  author={Yehuda Lindell},
  journal={Journal of Cryptology},
  • Yehuda Lindell
  • Published 20 August 2017
  • Computer Science, Mathematics
  • Journal of Cryptology
ECDSA is a standard digital signature scheme that is widely used in TLS, Bitcoin and elsewhere. Unlike other schemes like RSA, Schnorr signatures and more, it is particularly hard to construct efficient threshold signature protocols for ECDSA (and DSA). As a result, the best-known protocols today for secure distributed ECDSA require running heavy zero-knowledge proofs and computing many large-modulus exponentiations for every signing operation. In this paper, we consider the specific case of… 

Fast Threshold ECDSA with Honest Majority

This work proposes a threshold ECDSA protocol secure against an active adversary in the honest majority model with abort, which is efficient in terms of both computation and bandwidth usage, and it allows the parties to pre-process parts of the signing, such that once the message to sign becomes known, they can compute a secret sharing of the signature very efficiently, using only local operations.

Secure Two-party Threshold ECDSA from ECDSA Assumptions

This work proposes new protocols for multi-party ECDSA key-generation and signing with a threshold of two, which prove secure against malicious adversaries in the random oracle model using only the Computational Diffie-Hellman Assumption and the assumptions already implied by E CDSA itself.

Simple Three-Round Multiparty Schnorr Signing with Full Simulatability

  • Yehuda Lindell
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2022
A simple three-round multiparty protocol for Schnorr signatures that is fully simulatable, secure under concurrent composition, and proven secure in the standard model or random-oracle model (depending on the instantiations of the commitment and zero-knowledge primitives).

Fast Secure Multiparty ECDSA with Practical Distributed Key Generation and Applications to Cryptocurrency Custody

This paper presents the first truly practical full threshold ECDSA signing protocol that has both fast signing and fast key distribution, which solves a years-old open problem, and opens the door to practical uses of threshold E CDSA signing that are in demand today.

Efficient Threshold-Optimal ECDSA

This paper proposes a threshold-optimal ECDSA scheme based on the first threshold signature scheme by Gennaro et al. with efficient non-interactive signing for any t + 1 signers in the group,

A Multiparty Computation Approach to Threshold ECDSA

New protocols for multi-party ECDSA key-generation and signing with arbitrary thresholds, that are secure against malicious adversaries in the Random Oracle Model assuming only the Computational Diffie-Hellman Assumption are reported on.

Threshold ECDSA from ECDSA Assumptions: The Multiparty Case

This work proposes an extension of Doerner et al.'s scheme to arbitrary thresholds, and proves it secure against a malicious adversary corrupting up to one party less than the threshold under only the Computational Diffie-Hellman assumption in the Random Oracle model, an assumption strictly weaker than those under which ECDSA is proven.

On the Adaptive Security of the Threshold BLS Signature Scheme

This work revisits the security of the threshold BLS signature by giving a modular security proof that follows a two-step approach and introduces a new security notion for distributed key generation protocols (DKG), which is satisfied by several protocols that previously only had a static security proof.

A provable-secure and practical two-party distributed signing protocol for SM2 signature algorithm

This paper proposes an efficient and secure two-party distributed signing protocol for the SM2 signature algorithm, mandated by the Chinese government for all electronic commerce applications and proves that the protocol is secure under nonstandard assumption.

Compact Zero-Knowledge Proofs for Threshold ECDSA with Trustless Setup

This paper proposes compact zero-knowledge proofs for threshold ECDSA to lower the communication bandwidth, as well as the computation cost, and proposes an all-rounded performance improvement for the key generation algorithm.



Highly-Efficient Universally-Composable Commitments based on the DDH Assumption

  • Yehuda Lindell
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2011
This paper constructs highly efficient UC-secure commitments from the standard DDH assumption, in the common reference string model, where the latter construction has an effective additional cost of just 5 1/3 exponentiations.

Using Level-1 Homomorphic Encryption to Improve Threshold DSA Signatures for Bitcoin Wallet Security

Recently Gennaro et al. (ACNS ’16) presented a threshold-optimal signature algorithm for DSA that requires six rounds which is already an improvement over the eight rounds of the classic threshold DSA of Gennario et al (Eurocrypt ’99) (which is not threshold optimal).

Efficient Secure Two-Party Protocols: Techniques and Constructions

The authors present a comprehensive study of efficient protocols and techniques for secure two-party computation both general constructions that can be used to securely compute any functionality, and

Threshold-Optimal DSA/ECDSA Signatures and an Application to Bitcoin Wallet Security

This paper presents the first general threshold DSA scheme that does not require an honest majority and is useful for securing Bitcoin wallets, and presents a compelling application to use the scheme: securingBitcoin wallets.

Analysis and Improvement of Lindell's UC-Secure Commitment Schemes

This work modifications the proof of the original paper and presents a more efficient commitment scheme secure in the UC framework, with the same level of security as Lindell's protocol: adaptive corruptions, with erasures.

A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System

We propose a generalisation of Paillier's probabilistic public key system, in which the expansion factor is reduced and which allows to adjust the block length of the scheme even after the public key

Robust Threshold DSS Signatures

This work presents threshold DSS (digital signature standard) signatures where the power to sign is shared by n players such that for a given parameter t there is a consensus that n players should have the right to sign.

Security and Composition of Multiparty Cryptographic Protocols

  • R. Canetti
  • Computer Science, Mathematics
    Journal of Cryptology
  • 2000
In the computational model, this work provides the first definition of security of protocols that is shown to be preserved under composition, and follows the general paradigm of known definitions.

Two-party generation of DSA signatures

We describe a means of sharing the DSA signature function, so that two parties can efficiently generate a DSA signature with respect to a given public key but neither can alone. We focus on a certain

Improving Practical UC-Secure Commitments Based on the DDH Assumption

At Eurocrypt 2011, Lindell presented practical static and adaptively UC-secure commitment schemes based on the DDH assumption. Later, Blazy eti¾?al. at ACNS 2013 improved the efficiency of the