Paper 2022/506

Design and analysis of a distributed ECDSA signing service

Jens Groth
Victor Shoup

We present and analyze a new protocol that provides a distributed ECDSA signing service, with the following properties:

* it works in an asynchronous communication model;
* it works with $n$ parties with up to $f < n/3$ Byzantine corruptions;
* it provides guaranteed output delivery;
* it provides a very efficient, non-interactive online signing phase;
* it supports additive key derivation according to the BIP32 standard.

While there has been a flurry of recent research on distributed ECDSA signing protocols, none of these newly designed protocols provides guaranteed output delivery over an asynchronous communication network; moreover, the performance of our protocol (in terms of asymptotic communication and computational complexity) meets or beats the performance of any of these other protocols. This service is being implemented and integrated into the architecture of the Internet Computer, enabling smart contracts running on the Internet Computer to securely hold and spend Bitcoin and other cryptocurrencies.

Along the way, we present some results of independent interest:

* a new asynchronous verifiable secret sharing (AVSS) scheme that is simple and efficient;
* a new scheme for multi-recipient encryption that is simple and efficient.

Cryptographic protocols
ECDSA, threshold cryptography, asynchronous, MPC
Contact author(s)
jens @ dfinity org
victor @ shoup net
2023-02-16: last of 5 revisions
2022-04-28: received
Creative Commons Attribution


      author = {Jens Groth and Victor Shoup},
      title = {Design and analysis of a distributed ECDSA signing service},
      howpublished = {Cryptology ePrint Archive, Paper 2022/506},
      year = {2022},
      note = {\url{}},
      url = {}