Paper 2023/765

Threshold ECDSA in Three Rounds

Jack Doerner, Technion – Israel Institute of Technology, Reichman University, Brown University
Yashvanth Kondi, Silence Laboratories (Deel)
Eysa Lee, Brown University
abhi shelat, Northeastern University

We present a three-round protocol for threshold ECDSA signing with malicious security against a dishonest majority, which information-theoretically UC-realizes a standard threshold signing functionality, assuming only ideal commitment and two-party multiplication primitives. Our protocol combines an intermediate representation of ECDSA signatures that was recently introduced by Abram et al. (Eurocrypt'22) with an efficient statistical consistency check reminiscent of the ones used by the protocols of Doerner et al. (S&P'18, S&P'19). We show that shared keys for our signing protocol can be generated using a simple commit-release-and-complain procedure, without any proofs of knowledge, and to compute the intermediate representation of each signature, we propose a two-round vectorized multiplication protocol based on oblivious transfer that outperforms all similar constructions.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Major revision. IEEE S&P 2024
threshold cryptographymulti-party computationECDSAconcrete efficiency
Contact author(s)
j @ ckdoerner net
yash @ ykondi net
eysa_lee @ brown edu
abhi @ neu edu
2023-12-14: revised
2023-05-26: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jack Doerner and Yashvanth Kondi and Eysa Lee and abhi shelat},
      title = {Threshold {ECDSA} in Three Rounds},
      howpublished = {Cryptology ePrint Archive, Paper 2023/765},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.