Paper 2020/1345

Post-Quantum Adaptor Signature for Privacy-Preserving Off-Chain Payments

Erkan Tairi, Pedro Moreno-Sanchez, and Matteo Maffei


Adaptor signatures (AS) are an extension of digital signatures that enable the encoding of a cryptographic hard problem (e.g., discrete logarithm) within the signature itself. An AS scheme ensures that (i) the signature can be created only by the user knowing the solution to the cryptographic problem; (ii) the signature reveals the solution itself; (iii) the signature can be verified with the standard verification algorithm. These properties have made AS a salient building block for many blockchain applications, in particular, off-chain payment systems such as payment-channel networks, payment-channel hubs, atomic swaps or discrete log contracts. Current AS constructions, however, are not secure against adversaries with access to a quantum computer. In this work, we present IAS, a construction for adaptor signatures that relies on standard cryptographic assumptions for isogenies, and builds upon the isogeny-based signature scheme CSI-FiSh. We formally prove the security of IAS against a quantum adversary. We have implemented IAS and our evaluation shows that IAS can be incorporated into current blockchains while requiring $\sim1500$ bytes of storage size on-chain and $\sim140$ milliseconds for digital signature verification. We also show how IAS can be seamlessly leveraged to build post-quantum off-chain payment applications without harming their security and privacy.

Available format(s)
Publication info
Published elsewhere. MAJOR revision.Financial Cryptography and Data Security 2021
blockchaindigital signatureadaptor signaturepost-quantum
Contact author(s)
erkan tairi @ tuwien ac at
pedro moreno @ imdea org
matteo maffei @ tuwien ac at
2021-03-23: last of 3 revisions
2020-10-29: received
See all versions
Short URL
Creative Commons Attribution


      author = {Erkan Tairi and Pedro Moreno-Sanchez and Matteo Maffei},
      title = {Post-Quantum Adaptor Signature for Privacy-Preserving Off-Chain Payments},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1345},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.