Twinkle: Threshold Signatures from DDH with Full Adaptive Security

Renas Bacho; Julian Loss; Stefano Tessaro; Benedikt Wagner; Chenzhi Zhu

Paper 2023/1482

Twinkle: Threshold Signatures from DDH with Full Adaptive Security

Renas Bacho

, CISPA Helmholtz Center for Information Security, Saarland University

Julian Loss

, CISPA Helmholtz Center for Information Security

Stefano Tessaro

, University of Washington

Benedikt Wagner

, CISPA Helmholtz Center for Information Security, Saarland University

Chenzhi Zhu

, University of Washington

Abstract

Sparkle is the first threshold signature scheme in the pairing-free discrete logarithm setting (Crites, Komlo, Maller, Crypto 2023) to be proven secure under adaptive corruptions. However, without using the algebraic group model, Sparkle's proof imposes an undesirable restriction on the adversary. Namely, for a signing threshold , the adversary is restricted to corrupt at most parties. In addition, Sparkle's proof relies on a strong one-more assumption. In this work, we propose Twinkle, a new threshold signature scheme in the pairing-free setting which overcomes these limitations. Twinkle is the first pairing-free scheme to have a security proof under up to adaptive corruptions without relying on the algebraic group model. It is also the first such scheme with a security proof under adaptive corruptions from a well-studied non-interactive assumption, namely, the Decisional Diffie-Hellman (DDH) assumption. We achieve our result in two steps. First, we design a generic scheme based on a linear function that satisfies several abstract properties and prove its adaptive security under a suitable one-more assumption related to this function. In the context of this proof, we also identify a gap in the security proof of Sparkle and develop new techniques to overcome this issue. Second, we give a suitable instantiation of the function for which the corresponding one-more assumption follows from DDH.

Metadata

Available format(s): PDF
Publication info: A minor revision of an IACR publication in EUROCRYPT 2024
Keywords: Threshold Signatures Adaptive Security Pairing-Free Non-Interactive Assumptions
Contact author(s): renas bacho @ cispa de
loss @ cispa de
tessaro @ cs washington edu
benedikt wagner @ cispa de
zhucz20 @ cs washington edu
History: 2024-02-26: revised; 2023-09-28: received; See all versions
Short URL: https://ia.cr/2023/1482
License: CC BY

BibTeX

@misc{cryptoeprint:2023/1482,
      author = {Renas Bacho and Julian Loss and Stefano Tessaro and Benedikt Wagner and Chenzhi Zhu},
      title = {Twinkle: Threshold Signatures from {DDH} with Full Adaptive Security},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1482},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1482}
}