Cryptology ePrint Archive: Report 2020/492

UC Non-Interactive, Proactive, Threshold ECDSA

Ran Canetti and Nikolaos Makriyannis and Udi Peled

Abstract: Building on the Gennaro & Goldfeder and Lindell & Nof protocols (CCS 18), we present a threshold ECDSA protocol, for any number of signatories and any threshold, that improves as follows over the state of the art:

* Signature generation takes only 4 rounds (down from the current 8 rounds), with a comparable computational cost. Furthermore, 3 of these rounds can take place in a preprocessing stage before the signed message is known, yielding a non-interactive threshold ECDSA protocol.

* The protocol withstands adaptive corruption of signatories. Furthermore, it includes a periodic refresh mechanism and offers full proactive security.

* The protocol realizes an ideal threshold signature functionality within the UC framework, in the global random oracle model, assuming Strong RSA, semantic security of the Paillier encryption, and a somewhat enhanced variant of existential unforgeability of ECDSA.

These properties (low latency, compatibility with cold-wallet architectures, proactive security, and composable security) make the protocol ideal for threshold wallets for ECDSA-based cryptocurrencies.

Category / Keywords: cryptographic protocols / ECDSA, proactive, composability, signatures, threshold cryptography, distributed cryptography

Date: received 27 Apr 2020, last revised 8 May 2020

Contact author: n makriyannis at gmail com, udi0peled@gmail com, canetti@bu edu

Version: 20200508:063903

Short URL: ia.cr/2020/492
