### Efficient Online-friendly Two-Party ECDSA Signature

##### Abstract

Two-party ECDSA signatures have received much attention due to their widespread deployment in cryptocurrencies. Depending on whether or not the message is required, we could divide two-party signing into two different phases, namely, offline and online. Ideally, the online phase should be made as lightweight as possible. At the same time, the cost of the offline phase should remain similar to that of a normal signature generation. However, the existing two-party protocols of ECDSA are not optimal: either their online phase requires decryption of a ciphertext, or their offline phase needs at least two executions of multiplicative-to-additive conversion which dominates the overall complexity. This paper proposes an online-friendly two-party ECDSA with a lightweight online phase and a single multiplicative-to-additive function in the offline phase. It is constructed by a novel design of a re-sharing of the secret key and a linear sharing of the nonce. Our scheme significantly improves previous protocols based on either oblivious transfer or homomorphic encryption. We implement our scheme and show that it outperforms prior online-friendly schemes (i.e., those have lightweight online cost) by a factor of roughly 2 to 9 in both communication and computation. Furthermore, our two-party scheme could be easily extended to the $2$-out-of-$n$ threshold ECDSA.

Note: This includes the full proof of security. Add details of MtA in the appendix.

Available format(s)
Category
Cryptographic protocols
Publication info
Published elsewhere. ACM CCS 2021
DOI
10.1145/3460120.3484803
Keywords
ECDSA threshold signature two-party signature blockchain zero-knowledge proof
Contact author(s)
haiyangxc @ gmaill com
History
2022-10-05: revised
See all versions
Short URL
https://ia.cr/2022/318

CC BY

BibTeX

@misc{cryptoeprint:2022/318,
author = {Haiyang Xue and Man Ho Au and Xiang Xie and Tsz Hon Yuen and Handong Cui},
title = {Efficient Online-friendly Two-Party ECDSA Signature},
howpublished = {Cryptology ePrint Archive, Paper 2022/318},
year = {2022},
doi = {10.1145/3460120.3484803},
note = {\url{https://eprint.iacr.org/2022/318}},
url = {https://eprint.iacr.org/2022/318}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.