Cryptology ePrint Archive: Report 2019/514

Pixel: Multi-signatures for Consensus

Manu Drijvers and Sergey Gorbunov and Gregory Neven and Hoeteck Wee

Abstract: In Proof-of-Stake (PoS) and permissioned blockchains, a committee of verifiers agrees on and signs every new block of transactions. These blocks are validated, propagated, and stored by all users in the network. However, posterior corruptions pose a common threat to these designs, because the adversary can corrupt committee verifiers after they certified a block and use their signing keys to certify a different block. Designing efficient and secure digital signatures for use in PoS blockchains can substantially reduce bandwidth, storage and computing requirements from nodes, thereby enabling more efficient applications.

We present Pixel, a pairing-based forward-secure multi-signature scheme optimized for use in blockchains that achieves substantial savings in bandwidth, storage requirements, and verification effort. Pixel signatures consist of two group elements, regardless of the number of signers, can be verified using three pairings and one exponentiation, and support non-interactive aggregation of individual signatures into a multi-signature. Pixel signatures are also forward-secure and let signers evolve their keys over time, such that new keys cannot be used to sign on old blocks, protecting against posterior corruption attacks on blockchains. We show how to integrate Pixel into any PoS blockchain. Next, we evaluate Pixel in a real-world PoS blockchain implementation, showing that it yields notable savings in storage, bandwidth, and block verification time. In particular, Pixel signatures reduce the size of blocks with 1500 transactions by 35% and reduce block verification time by 38%.

Category / Keywords: public-key cryptography / multi-signature, forward security, blockchain, aggregate signature, consensus, algorand

Date: received 17 May 2019, last revised 3 Dec 2019

Contact author: manu at dfinity org, sergey at algorand com, hoeteck at algorand com, gregory at dfinity org

Note: Merge of ePrint reports 2019/261 and 2019/269

Version: 20191203:180332

Short URL: ia.cr/2019/514

