Cryptology ePrint Archive: Report 2021/060

UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts

Ran Canetti and Rosario Gennaro and Steven Goldfeder and Nikolaos Makriyannis and Udi Peled

Abstract: Building on the Gennaro & Goldfeder and Lindell & Nof protocols (CCS '18), we present threshold ECDSA protocols, for any number of signatories and any threshold, that improve as follows over the state of the art:

* Only the last round of our protocols requires knowledge of the message; the other rounds can take place in a preprocessing stage, yielding a non-interactive threshold ECDSA protocol.

* Our protocols withstand adaptive corruption of signatories. Furthermore, they include a periodic refresh mechanism and offer full proactive security.

* Our protocols realize an ideal threshold signature functionality within the UC framework, in the global random oracle model, assuming Strong RSA, DDH, semantic security of the Paillier encryption, and a somewhat enhanced variant of existential unforgeability of ECDSA.

* Both protocols achieve accountability by identifying corrupted signatories in case of failure to generate a valid signature.

The protocols provide a tradeoff between the number of rounds to generate a signature and the computational and communication overhead for the identification of corrupted signatories. Namely:

* For one protocol, signature generation takes only 4 rounds (down from the current state of the art of 8 rounds), but the identification process requires computation and communication that is quadratic in the number of parties.

* For the other protocol, the identification process requires computation and communication that is only linear in the number of parties, but signature generation takes 7 rounds.

These properties (low latency, compatibility with cold-wallet architectures, proactive security, identifiable abort and composable security) make the two protocols ideal for threshold wallets for ECDSA-based cryptocurrencies.

Category / Keywords: cryptographic protocols / composability, accountability, identifiable abort, signatures, threshold cryptography, distributed cryptography, multiparty computation, Blockchain, MPC, UC, malicious adversaries

Original Publication (with major differences): 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS'20)
DOI: 10.1145/3372297.3423367

Date: received 15 Jan 2021, last revised 15 Jan 2021

Contact author: n makriyannis at gmail com, udi0peled@gmail com, canetti@bu edu, goldfeder@cornell edu, rosario@cs ccny cuny edu


Note: This work combines Canetti, Makriyannis & Peled (2020) and Gennaro & Goldfeder (2020). An extended abstract of this work appears in the proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS'20). Authors are listed in alphabetical order.

Version: 20210118:082423

Short URL: ia.cr/2021/060


[ Cryptology ePrint archive ]