Paper 2020/492
UC Non-Interactive, Proactive, Threshold ECDSA
Ran Canetti, Nikolaos Makriyannis, and Udi Peled
Abstract
Building on the Gennaro & Goldfeder and Lindell & Nof protocols (CCS ’18), we present a threshold ECDSA protocol, for any number of signatories and any threshold, that improves as follows over the state of the art: * Signature generation takes only 4 rounds (down from the current 8 rounds), with a comparable computational cost. Furthermore, 3 of these rounds can take place in a preprocessing stage before the signed message is known, lending to a non-interactive threshold ECDSA protocol. * The protocol withstands adaptive corruption of signatories. Furthermore, it includes a periodic refresh mechanism and offers full proactive security. * The protocol realizes an ideal threshold signature functionality within the UC framework, in the global random oracle model, assuming Strong RSA, semantic security of the Paillier encryption, and a somewhat enhanced variant of existential unforgeability of ECDSA. These properties (low latency, compatibility with cold-wallet architectures, proactive security, and composable security) make the protocol ideal for threshold wallets for ECDSA-based cryptocurrencies.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- ECDSAproactivecomposabilitysignaturesthreshold cryptographydistributed cryptography
- Contact author(s)
-
n makriyannis @ gmail com
udi0peled @ gmail com
canetti @ bu edu - History
- 2021-10-21: last of 5 revisions
- 2020-04-28: received
- See all versions
- Short URL
- https://ia.cr/2020/492
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2020/492,
author = {Ran Canetti and Nikolaos Makriyannis and Udi Peled},
title = {{UC} Non-Interactive, Proactive, Threshold {ECDSA}},
howpublished = {Cryptology {ePrint} Archive, Paper 2020/492},
year = {2020},
url = {https://eprint.iacr.org/2020/492}
}
