Paper 2021/060

UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts

Ran Canetti, Boston University
Rosario Gennaro, City University of New York
Steven Goldfeder, Cornell Tech/Offchain Labs
Nikolaos Makriyannis, Fireblocks
Udi Peled, Fireblocks
Abstract

We present a distributed ECDSA protocol, for any number of signatories. The protocol improves on that of the authors (CCS'20), which in turn builds on the Gennaro & Goldfeder and Lindell & Nof protocols (CCS'18). Specifically:
** Only the last round of the protocol requires knowledge of the message, and the other rounds can take place in a preprocessing stage, yielding a non-interactive threshold ECDSA protocol.
** The protocol withstands adaptive corruption of signatories. Furthermore, it includes a periodic refresh mechanism and guarantees proactive security.
** The protocol achieves accountability by identifying corrupted signatories in case of failure to generate a valid signature (identifiable abort).
Furthermore, we formulate a distributed signature ideal functionality within the UC framework that guarantees unforgeability, proactive security, and identifiable abort, and show that the protocol realizes this functionality in the global random oracle model, assuming Strong RSA, DDH, semantic security of the Paillier encryption, and a somewhat enhanced variant of existential unforgeability of ECDSA. This combination of properties (low latency, compatibility with cold-wallet architectures, proactive security, identifiable abort and universally composable security) makes our protocol a good fit for threshold wallets for ECDSA-based cryptocurrencies.

Note: An extended abstract of this work appears in the proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS'20). This is an updated version.
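The round structure the abstract claims (everything except the last round is message-independent) can be seen in plain ECDSA arithmetic. The following is an added illustration, not code from the paper: a trusted dealer stands in for the paper's interactive presigning and hands out additive shares of the nonce k and of k·x, after which each signatory's only message-dependent contribution is one field element.

```python
# Added illustration, not the paper's code: ECDSA over secp256k1 split into a
# message-independent presigning phase and one message-dependent round, the
# structure the abstract describes. ASSUMPTION: a trusted dealer hands out the
# additive shares of k and k*x that the real protocol computes interactively.
import hashlib, secrets

P = 2**256 - 2**32 - 977                         # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):                      # affine point addition; None is the identity
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    if p == q: lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:      lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def mul(k, p):                      # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = add(r, p)
        p, k = add(p, p), k >> 1
    return r
def share(v, n):                    # additive secret sharing of v modulo N
    s = [secrets.randbelow(N) for _ in range(n - 1)]
    return s + [(v - sum(s)) % N]
def pubkey(x_shares):               # X = x*G for the shared signing key x
    return mul(sum(x_shares) % N, G)
def hash_msg(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
def presign(x_shares):              # preprocessing: the message is not needed
    k = secrets.randbelow(N - 1) + 1
    R = mul(pow(k, -1, N), G)                    # R = (1/k)*G fixes r in advance
    return R[0] % N, share(k, len(x_shares)), share(k * sum(x_shares) % N, len(x_shares))
def sign_round(m, r, k_i, chi_i):   # the single message-dependent round, per party
    return (k_i * m + r * chi_i) % N             # the shares sum to k*(m + r*x)

def threshold_sign(x_shares, msg):
    r, k_shares, chi_shares = presign(x_shares)
    s = sum(sign_round(hash_msg(msg), r, k, c) for k, c in zip(k_shares, chi_shares)) % N
    return r, s

def verify(pub, msg, r, s):         # standard ECDSA verification
    w = pow(s, -1, N)
    pt = add(mul(hash_msg(msg) * w % N, G), mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r
```

Because R = (1/k)·G is fixed in presigning, the sum of the per-party values k_i·m + r·χ_i equals k·(m + r·x), which is exactly the s that standard ECDSA verification accepts against that r.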

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS'20)
DOI
10.1145/3372297.3423367
Keywords
composability, accountability, identifiable abort, signatures, threshold cryptography, distributed cryptography, multiparty computation, Blockchain, MPC, UC, malicious adversaries
Contact author(s)
canetti @ bu edu
rosario @ cs ccny cuny edu
goldfeder @ cornell edu
n makriyannis @ gmail com
udi0peled @ gmail com
History
2024-10-21: last of 4 revisions
2021-01-18: received
Short URL
https://ia.cr/2021/060
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/060,
      author = {Ran Canetti and Rosario Gennaro and Steven Goldfeder and Nikolaos Makriyannis and Udi Peled},
      title = {{UC} Non-Interactive, Proactive, Threshold {ECDSA} with Identifiable Aborts},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/060},
      year = {2021},
      doi = {10.1145/3372297.3423367},
      url = {https://eprint.iacr.org/2021/060}
}