Cryptology ePrint Archive: Report 2020/214

Thresholdizing HashEdDSA: MPC to the Rescue

Charlotte Bonte and Nigel P. Smart and Titouan Tanguy

Abstract: Following recent comments in a NIST document related to threshold cryptographic standards, we examine the case of thresholdizing the HashEdDSA signature scheme. This is a deterministic signature scheme based on Edwards elliptic curves. Unlike DSA, it has a Schnorr like signature equation, which is an advantage for threshold implementations, but it has the disadvantage of having the ephemeral secret obtained by hashing the secret key and the message. We show that one can obtain relatively efficient implementations of threshold HashEdDSA with no modifications to the behaviour of the signing algorithm; we achieve this using a doubly-authenticated bit (daBit) generation protocol tailored for Q2 access structures, that is more efficient than prior work. However, if one was to modify the standard algorithm to use an MPC-friendly hash function, such as Rescue, the performance becomes very fast indeed.

Category / Keywords: public-key cryptography /

Date: received 19 Feb 2020, last revised 6 Mar 2020

Contact author: nigel smart at kuleuven be,titouan tanguy@kuleuven be,charlotte bonte@kuleuven be

Available format(s): PDF | BibTeX Citation

Version: 20200306:090337 (All versions of this report)

Short URL: ia.cr/2020/214


[ Cryptology ePrint archive ]