### One Round Threshold ECDSA with Identifiable Abort

Rosario Gennaro and Steven Goldfeder

##### Abstract

Threshold ECDSA signatures have received much attention in recent years due to the widespread use of ECDSA in cryptocurrencies. While various protocols now exist that admit efficient distributed key generation and signing, these protocols have two main drawbacks. Firstly, if a player misbehaves, the protocol will abort, but all current protocols give no way to detect which player is responsible for the abort. In distributed settings, this can be catastrophic as any player can cause the protocol to fail without any consequence. General techniques to realize dishonest-majority MPC with identifiable abort add a prohibitive overhead, but we show how to build a tailored protocol for threshold ECDSA with minimal overhead. Secondly, current threshold ECDSA protocols (that do not rely on generic MPC) have numerous rounds of interaction. We present a highly efficient protocol with a non-interactive online phase allowing for players to asynchronously participate in the protocol without the need to be online simultaneously. We benchmark our protocols and find that our protocol simultaneously reduces the rounds and computations of current protocols, while adding significant functionality: identifiable abort and noninteractivity.

Note: Second Revisions fixes issues with the multiplicative to additive share conversion protocol. First Revision fixes a typo in the malicious player identification protocol, and a typo in the evaluation graph, and a confusing sentence in the introduction.

Available format(s)
Category
Cryptographic protocols
Publication info
Published elsewhere. MAJOR revision.ACM CCS 2020 (as a joint paper)
Keywords
threshold ECDSAthreshold signaturesidentifiable abort
Contact author(s)
goldfeder @ cornell edu
History
2021-12-17: last of 3 revisions
See all versions
Short URL
https://ia.cr/2020/540

CC BY

BibTeX

@misc{cryptoeprint:2020/540,
author = {Rosario Gennaro and Steven Goldfeder},
title = {One Round Threshold ECDSA with Identifiable Abort},
howpublished = {Cryptology ePrint Archive, Paper 2020/540},
year = {2020},
note = {\url{https://eprint.iacr.org/2020/540}},
url = {https://eprint.iacr.org/2020/540}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.