Paper 2022/1450

Deterministic Wallets for Adaptor Signatures

Andreas Erwig, TU Darmstadt
Siavash Riahi, TU Darmstadt

Abstract

Adaptor signatures are a new cryptographic primitive that binds the authentication of a message to the revelation of a secret value. In recent years, this primitive has gained increasing popularity both in academia and practice due to its versatile use-cases in different Blockchain applications such as atomic swaps and payment channels. The security of these applications, however, crucially relies on users storing and maintaining the secret values used by adaptor signatures in a secure way. For standard digital signature schemes, cryptographic wallets have been introduced to guarantee secure storage of keys and execution of the signing procedure. However, no prior work has considered cryptographic wallets for adaptor signatures. In this work, we introduce the notion of adaptor wallets. Adaptor wallets allow parties to securely use and maintain adaptor signatures in the Blockchain setting. Our adaptor wallets are both deterministic and operate in the hot/cold paradigm, which was first formalized by Das et al. (CCS 2019) for standard signature schemes. We introduce a new cryptographic primitive called adaptor signatures with rerandomizable keys, and use it to generically construct adaptor wallets. We further show how to instantiate adaptor signatures with rerandomizable keys from the ECDSA signature scheme and discuss that they can likely be built for Schnorr and Katz-Wang schemes as well. Finally, we discuss the limitations of the existing ECDSA- and Schnorr-based adaptor signatures w.r.t. deterministic wallets in the hot/cold setting and prove that it is impossible to overcome these drawbacks given the current state-of-the-art design of adaptor signatures.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. ESORICS 2022
DOI
10.1007/978-3-031-17146-8_24
Keywords
Adaptor Signatures, Deterministic Wallets, Blockchain
Contact author(s)
andreas erwig @ tu-darmstadt de
siavash riahi @ tu-darmstadt de
History
2023-07-08: revised
2022-10-24: received
Short URL
https://ia.cr/2022/1450
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1450,
      author = {Andreas Erwig and Siavash Riahi},
      title = {Deterministic Wallets for Adaptor Signatures},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1450},
      year = {2022},
      doi = {10.1007/978-3-031-17146-8_24},
      url = {https://eprint.iacr.org/2022/1450}
}