Cryptology ePrint Archive: Report 2021/664

A Trustless GQ Multi-Signature Scheme with Identifiable Abort

Handong Cui and Tsz Hon Yuen

Abstract: Guillou-Quisquater (GQ) signature is an efficient RSA-based digital signature scheme amongst the most famous Fiat-Shamir follow-ons owing to its good simplicity. However, there exist two bottlenecks for GQ hindering its application in industry or academia: the RSA trapdoor $n=pq$ in the key generation phase and its high bandwidth caused by the storage-consuming representation of RSA group elements (3072 bits per one element in 128-bit security).

In this paper, we first formalize the definition and security proof of class group based GQ signature (CL-GQ), which eliminates the trapdoor in key generation phase and improves the bandwidth efficiency from the RSA-based GQ signature. Then, we construct a trustless GQ multi-signature scheme by applying non-malleable equivocable commitments and our well-designed compact non-interactive zero-knowledge proofs (NIZK). Our scheme has a well-rounded performance compared to existing multiparty GQ, Schnorr and ECDSA schemes, in the aspects of bandwidth (no range proof or multiplication-to-addition protocol required), rather few interactions (only 4 rounds in signing), provable security in \textit{dishonest majority model} and identifiable abort property. Another interesting finding is that, our NIZK is highly efficient (only one round required) by using the Bezout formula, and this trick can also optimize the ZK proof of Paillier ciphertext which greatly improves the speed of Yi's Blind ECDSA (AsiaCCS 2019).

Category / Keywords: cryptographic protocols / Guillou-Quisquater signature, multi-signature, zero-knowledge proof, remove trusted setup

Original Publication (with major differences): ACISP 2021

Date: received 21 May 2021, last revised 13 Jun 2021

Contact author: hdcui at cs hku hk, thyuen at cs hku hk

Available format(s): PDF | BibTeX Citation

Version: 20210613:153206 (All versions of this report)

Short URL: ia.cr/2021/664


[ Cryptology ePrint archive ]