Cryptology ePrint Archive: Report 2020/1345

Post-Quantum Adaptor Signature for Privacy-Preserving Off-Chain Payments

Erkan Tairi and Pedro Moreno-Sanchez and Matteo Maffei

Abstract: Adaptor signatures (AS) are an extension of digital signatures that enable the encoding of a cryptographic hard problem (e.g., discrete logarithm) within the signature itself. An AS scheme ensures that (i) the signature can be created only by the user knowing the solution to the cryptographic problem; (ii) the signature reveals the solution itself; (iii) the signature can be verified with the standard verification algorithm. These properties have made AS a salient building block for many blockchain applications, in particular, off-chain payment systems such as payment-channel networks, payment-channel hubs, atomic swaps or discrete log contracts. Current AS constructions, however, are not secure against adversaries with access to a quantum computer.

In this work, we present IAS, a construction for adaptor signatures that relies on standard cryptographic assumptions for isogenies, and builds upon the isogeny-based signature scheme CSI-FiSh. We formally prove the security of IAS against a quantum adversary. We have implemented IAS and our evaluation shows that IAS can be incorporated into current blockchains while requiring $\sim1500$ bytes of storage size on-chain and $\sim140$ milliseconds for digital signature verification. We also show how IAS can be seamlessly leveraged to build post-quantum off-chain payment applications without harming their security and privacy.

Category / Keywords: applications / blockchain, adaptor signature, post-quantum

Original Publication (with major differences): Financial Cryptography and Data Security 2021

Date: received 26 Oct 2020, last revised 27 Jan 2021

Contact author: erkan tairi at tuwien ac at, pedro moreno@imdea org, matteo maffei@tuwien ac at

Available format(s): PDF | BibTeX Citation

Version: 20210127:111535 (All versions of this report)

Short URL: ia.cr/2020/1345