Paper 2022/1687

Stronger Security and Generic Constructions for Adaptor Signatures

Wei Dai, Bain Capital Crypto
Tatsuaki Okamoto, NTT
Go Yamamoto, NTT Research

Adaptor signatures have seen wide applications in layer-2 and peer-to-peer blockchain ap- plications such as atomic swaps and payment channels. We first identify two shortcomings of previous literature on adaptor signatures. (1) Current aim of “script-less” adaptor signatures restricts instantiability, limiting designs based on BLS or current NIST PQC candidates. (2) We identify gaps in current formulations of security. In particular, we show that current notions do not rule out a class of insecure schemes. Moreover, a natural property concerning the on-chain unlinkability of adaptor signatures has not been formalized. We then address these shortcomings by providing new and stronger security notions, as well as new generic constructions from any signature scheme and hard relation. On definitions: 1. We develop security notions that strictly imply previous notions. 2. We formalize the notion of unlinkability for adaptor signatures. 3. We give modular proof frameworks that facilitate simpler proofs. On constructions: 1. We give a generic construction of adaptor signature from any signature scheme and any hard relation, showing that theoretically, (linkable) adaptor signatures can be constructed from any one-way function. 2. We also give an unlinkable adaptor signature construction from any signature scheme and any strongly random-self reducible relation, which we show instantiations of using DL, RSA, and LWE.

Available format(s)
Publication info
Published elsewhere. INDOCRYPT2022
Adaptor signatures provable security random self-reducibility
Contact author(s)
me @ wdai us
tatsuaki okamoto @ gmail com
go yamamoto @ ntt-research com
2022-12-05: approved
2022-12-04: received
See all versions
Short URL
Creative Commons Attribution-NonCommercial


      author = {Wei Dai and Tatsuaki Okamoto and Go Yamamoto},
      title = {Stronger Security and Generic Constructions for Adaptor Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1687},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.