Cryptology ePrint Archive: Report 2018/987

Fast Secure Multiparty ECDSA with Practical Distributed Key Generation and Applications to Cryptocurrency Custody

Yehuda Lindell and Ariel Nof and Samuel Ranellucci

Abstract: ECDSA is a standardized signing algorithm that is widely used in TLS, code signing, cryptocurrency and more. Due to its importance, the problem of securely computing ECDSA in a distributed manner (known as threshold signing) has received considerable interest. However, despite this interest, there is still no full threshold solution for more than 2 parties (meaning that any $t$-out-of-$n$ parties can sign, security is preserved for any $t-1$ or fewer corrupted parties, and $t\leq n$ can be any value thus supporting an honest minority) that has practical key distribution. This is due to the fact that all previous solutions for this utilize Paillier homomorphic encryption, and efficient distributed Paillier key generation for more than two parties is not known.

In this paper, we present the first truly practical full threshold ECDSA signing protocol that has both fast signing and fast key distribution. This solves a years-old open problem, and opens the door to practical uses of threshold ECDSA signing that are in demand today. One of these applications is the construction of secure cryptocurrency wallets (where key shares are spread over multiple devices and so are hard to steal) and cryptocurrency custody solutions (where large sums of invested cryptocurrency are strongly protected by splitting the key between a bank/financial institution, the customer who owns the currency, and possibly a third-party trustee, in multiple shares at each). There is growing practical interest in such solutions, but prior to our work these could not be deployed today due to the need for distributed key generation.

Category / Keywords: cryptographic protocols / ECDSA, threshold cryptography

Original Publication (with major differences): ACM CCS 2018
DOI:
10.1145/3243734.3243788

Date: received 14 Oct 2018, last revised 14 Oct 2018

Contact author: lindell at biu ac il

Available format(s): PDF | BibTeX Citation

Version: 20181018:122733 (All versions of this report)

Short URL: ia.cr/2018/987


[ Cryptology ePrint archive ]