Paper 2020/214

Thresholdizing HashEdDSA: MPC to the Rescue

Charlotte Bonte, Nigel P. Smart, and Titouan Tanguy

Abstract

Following recent comments in a NIST document related to threshold cryptographic standards, we examine the case of thresholdizing the HashEdDSA signature scheme. This is a deterministic signature scheme based on Edwards elliptic curves. Unlike DSA, it has a Schnorr like signature equation, which is an advantage for threshold implementations, but it has the disadvantage of having the ephemeral secret obtained by hashing the secret key and the message. We show that one can obtain relatively efficient implementations of threshold HashEdDSA with no modifications to the behaviour of the signing algorithm; we achieve this using a doubly-authenticated bit (daBit) generation protocol tailored for Q2 access structures, that is more efficient than prior work. However, if one was to modify the standard algorithm to use an MPC-friendly hash function, such as Rescue, the performance becomes very fast indeed.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Contact author(s)
nigel smart @ kuleuven be
titouan tanguy @ kuleuven be
charlotte bonte @ kuleuven be
History
2020-12-14: last of 4 revisions
2020-02-19: received
See all versions
Short URL
https://ia.cr/2020/214
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/214,
      author = {Charlotte Bonte and Nigel P.  Smart and Titouan Tanguy},
      title = {Thresholdizing {HashEdDSA}: {MPC} to the Rescue},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/214},
      year = {2020},
      url = {https://eprint.iacr.org/2020/214}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.