Paper 2022/1623

WOTSwana: A Generalized Sleeve Construction for Multiple Proofs of Ownership

David Chaum, xx labs
Mario Larangeira, Tokyo Institute of Technology, IOHK
Mario Yaksetig, University of Porto, xx labs

The $\mathcal{S}_{leeve}$ construction proposed by Chaum et al. (ACNS'21) introduces an extra security layer for digital wallets by allowing users to generate a "back up key" securely nested inside the secret key of a signature scheme, i.e., ECDSA. The "back up key", which is secret, can be used to issue a "proof of ownership", i.e., only the real owner of this secret key can generate a single proof, which is based on the WOTS+ signature scheme. The authors of $\mathcal{S}_{leeve}$ proposed the formal technique for a single proof of ownership, and only informally outlined a construction to generalize it to multiple proofs. This work identifies that their proposed construction presents drawbacks, i.e., varying of signature size and signing/verifying computation complexity, limitation of linear construction, etc. Therefore we introduce WOTSwana, a generalization of $\mathcal{S}_{leeve}$, which is, more concretely, a more general scheme, i.e., an extra security layer that generates multiple proofs of ownership, and put forth a thorough formalization of two constructions: (1) one given by a linear concatenation of numerous WOTS+ private/public keys, and (2) a construction based on tree like structure, i.e., an underneath Merkle tree whose leaves are WOTS+ private/public key pairs. Furthermore, we present the security analysis for multiple proofs of ownership, showcasing that this work addresses the early mentioned drawbacks of the original construction. In particular, we extend the original security definition for $\mathcal{S}_{leeve}$. Finally, we illustrate an alternative application of our construction, by discussing the creation of an encrypted group chat messaging application.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. ICISC 2022
hash-based signatures post-quantum cryptography
Contact author(s)
mario yaksetig @ fe up pt
2022-11-23: approved
2022-11-21: received
See all versions
Short URL
No rights reserved


      author = {David Chaum and Mario Larangeira and Mario Yaksetig},
      title = {WOTSwana: A Generalized Sleeve Construction for Multiple Proofs of Ownership},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1623},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.