Paper 2017/552
Fast Secure Two-Party ECDSA Signing
Abstract
ECDSA is a standard digital signature schemes that is widely used in TLS, Bitcoin and elsewhere. Unlike other schemes like RSA, Schnorr signatures and more, it is particularly hard to construct efficient threshold signature protocols for ECDSA (and DSA). As a result, the best-known protocols today for secure distributed ECDSA require running heavy zero-knowledge proofs and computing many large-modulus exponentiations for every signing operation. In this paper, we consider the specific case of two parties (and thus no honest majority) and construct a protocol that is approximately two orders of magnitude faster than the previous best. Concretely, our protocol achieves good performance, with a single signing operation for curve P-256 taking approximately 37ms between two standard machine types in Azure (utilizing a single core only). Our protocol is proven secure for sequential composition under standard assumptions using a game-based definition. In addition, we prove security by simulation under a plausible yet non-standard assumption regarding Paillier. We show that partial concurrency (where if one execution aborts then all need to abort) can also be achieved.
Note: In the Journal of Cryptology, 34:44, 2021. This is the full version of the paper at CRYPTO 2017.
Metadata
- Available format(s)
-
PDF
- Publication info
- A major revision of an IACR publication in JOC 2021
- DOI
- 10.1007/s00145-021-09409-9
- Keywords
- distributed signingECDSADSAsecure computationconcrete efficiency
- Contact author(s)
- yehuda lindell @ gmail com
- History
- 2024-08-28: last of 13 revisions
- 2017-06-08: received
- See all versions
- Short URL
- https://ia.cr/2017/552
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2017/552,
author = {Yehuda Lindell},
title = {Fast Secure Two-Party {ECDSA} Signing},
howpublished = {Cryptology {ePrint} Archive, Paper 2017/552},
year = {2017},
doi = {10.1007/s00145-021-09409-9},
url = {https://eprint.iacr.org/2017/552}
}
