UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts

@article{Canetti2020UCNP,
  title={UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts},
  author={Ran Canetti and Rosario Gennaro and Steven Goldfeder and Nikolaos Makriyannis and Udi Peled},
  journal={Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security},
  year={2020}
}
  • R. Canetti, R. Gennaro, Udi Peled
  • Published 30 October 2020
  • Computer Science, Mathematics
  • Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
Building on the Gennaro & Goldfeder and Lindell & Nof protocols (CCS '18), we present two threshold ECDSA protocols, for any number of signatories and any threshold, that improve as follows over the state of the art:
  • For both protocols, only the last round requires knowledge of the message, and the other rounds can take place in a preprocessing stage, lending to a non-interactive threshold ECDSA protocol.
  • Both protocols withstand adaptive corruption of signatories. Furthermore, they…

UC Non-Interactive, Proactive, Threshold ECDSA
TLDR
This protocol realizes an ideal threshold signature functionality within the UC framework, in the global random oracle model, assuming Strong RSA, semantic security of the Paillier encryption, and a somewhat enhanced variant of existential unforgeability of ECDSA.
One Round Threshold ECDSA with Identifiable Abort
TLDR
A highly efficient protocol with a non-interactive online phase allowing for players to asynchronously participate in the protocol without the need to be online simultaneously, while adding significant functionality: identifiable abort and noninteractivity.
ROAST: Robust Asynchronous Schnorr Threshold Signatures
TLDR
This work proposes ROAST, a simple wrapper that turns a given threshold signature scheme into a scheme with a robust and asynchronous signing protocol, as long as the underlying signing protocol is semi-interactive and unforgeable under concurrent signing sessions.
On the Adaptive Security of the Threshold BLS Signature Scheme
TLDR
This work revisits the security of the threshold BLS signature by giving a modular security proof that follows a two-step approach and introduces a new security notion for distributed key generation protocols (DKG), which is satisfied by several protocols that previously only had a static security proof.
Stronger Security for Non-Interactive Threshold Signatures: BLS and FROST
TLDR
It is proved that BLS and FROST are better than advertised, meeting some of these stronger definitions, yet they fall short of meeting the authors' strongest definition, a gap that is filled for FROST via a simple enhancement to the scheme.
Efficient Online-friendly Two-Party ECDSA Signature
TLDR
This paper proposes an online-friendly two-party ECDSA with a lightweight online phase and a single multiplicative-to-additive function in the offline phase, constructed by a novel design of a re-sharing of the secret key and a linear sharing of the nonce.
Structure-Preserving Threshold Signatures
TLDR
This work introduces a notion and constructions of (non-)interactive SPTS, a variant of SPS that is parameterized by a message indexing function, and presents a message-indexed SPS, which is non-interactive threshold-friendly and proves its security in the random oracle model based on a variant of the generalized PS assumption.
Large-Scale Non-Interactive Threshold Cryptosystems in the YOSO Model
TLDR
This work formalizes and presents novel protocols for distributed key generation, threshold encryption, and signature schemes that guarantee security in large-scale environments in the YOSO model of communication.
Low-Bandwidth Threshold ECDSA via Pseudorandom Correlation Generators
TLDR
This protocol is the first one where the communication complexity of the preprocessing phase is only logarithmic in the number of ECDSA signatures to be produced later, thereby achieving a so-called silent preprocessing, and it achieves active security against any number of arbitrarily corrupted parties.
A Provably-Unforgeable Threshold Schnorr Signature With an Offline Recovery Party
TLDR
A Schnorr multi-party digital signature scheme that supports an offline participant during the key-generation phase, without relying on a trusted third party, and is secure against adaptive malicious adversaries and capable of achieving the resiliency of the recovery in the presence of a malicious party.

References

SHOWING 1-10 OF 69 REFERENCES
UC Non-Interactive, Proactive, Threshold ECDSA
TLDR
This protocol realizes an ideal threshold signature functionality within the UC framework, in the global random oracle model, assuming Strong RSA, semantic security of the Paillier encryption, and a somewhat enhanced variant of existential unforgeability of ECDSA.
Fast Threshold ECDSA with Honest Majority
TLDR
This work proposes a threshold ECDSA protocol secure against an active adversary in the honest majority model with abort, which is efficient in terms of both computation and bandwidth usage, and it allows the parties to pre-process parts of the signing, such that once the message to sign becomes known, they can compute a secret sharing of the signature very efficiently, using only local operations.
Fast Secure Two-Party ECDSA Signing
TLDR
This paper considers the specific case of two parties (and thus no honest majority) and constructs a protocol that is approximately two orders of magnitude faster than the previous best and is proven secure under standard assumptions using a game-based definition.
Proactive RSA with Non-interactive Signing
TLDR
The proactive RSA scheme presented shows that it is possible to have the best of both worlds: A highly practical non-interactive signature protocol and an ability to refresh the secret-sharing of the signature key.
Secure Two-party Threshold ECDSA from ECDSA Assumptions
TLDR
This work proposes new protocols for multi-party ECDSA key-generation and signing with a threshold of two, which prove secure against malicious adversaries in the random oracle model using only the Computational Diffie-Hellman Assumption and the assumptions already implied by ECDSA itself.
Bandwidth-efficient threshold EC-DSA
TLDR
A new variant of the Gennaro and Goldfeder protocol from ACM CCS 2018 that avoids all the required range proofs, while retaining provable security against malicious adversaries in the dishonest majority setting is presented.
Using Level-1 Homomorphic Encryption to Improve Threshold DSA Signatures for Bitcoin Wallet Security
TLDR
Recently Gennaro et al. (ACNS ’16) presented a threshold-optimal signature algorithm for DSA that requires six rounds, which is already an improvement over the eight rounds of the classic threshold DSA of Gennaro et al. (Eurocrypt ’99) (which is not threshold optimal).
Fast Secure Multiparty ECDSA with Practical Distributed Key Generation and Applications to Cryptocurrency Custody
TLDR
This paper presents the first truly practical full threshold ECDSA signing protocol that has both fast signing and fast key distribution, which solves a years-old open problem, and opens the door to practical uses of threshold ECDSA signing that are in demand today.
Fast Multiparty Threshold ECDSA with Fast Trustless Setup
TLDR
This work is the first protocol that supports multiparty signatures for any $t \leq n$ with an efficient dealerless key generation and proves its scheme secure against malicious adversaries with a dishonest majority.
Threshold ECDSA for Decentralized Asset Custody
TLDR
A new threshold ECDSA protocol is proposed that improves upon the state-of-the-art solutions by enabling robustness and fault attributability during signature generation and improves the signing time and bandwidth of previous solutions.