Paper 2024/1950
Two-Round 2PC ECDSA at the Cost of 1 OLE
Abstract
We present a novel protocol for two-party ECDSA that achieves two rounds (a single back-and-forth communication) at the cost of a single oblivious linear function evaluation (OLE). In comparison, the previous work of [DKLs18] (S&P 2018) achieves two rounds at the cost of three OLEs, while [BHL24] (Manuscript 2024) requires expensive zero-knowledge proofs on top of the OLE. We demonstrate this by proving that in the generic group model, any adversary capable of generating forgeries for our protocol can be transformed into an adversary that finds preimages for the ECDSA message digest function (e.g., the SHA family). Interestingly, our analysis is closely related to, and has ramifications for, the `presignatures' mode of operation—[CGGMP20] (CCS 2020), [GroSho22] (EUROCRYPT 2022). Motivated by applications to embedded cryptocurrency wallets, where a single server maintains distinct, shared public keys with separate clients (i.e., a star-shaped topology), and with the goal of minimizing communication, we instantiate our protocol using Paillier encryption and suitable zero-knowledge proofs. To reduce computational overhead, we thoroughly optimize all components of our protocol under sound cryptographic assumptions, specifically small-exponent variants of RSA-style assumptions. Finally, we implement our protocol and provide benchmarks. At the 128-bit security level, the signing phase requires approximately 50ms of computation time on a standard linux machine, and 2KB of bandwidth.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Preprint.
- Keywords
- Threshold Signatures2PCECDSAPresignaturesDigital Wallets
- Contact author(s)
-
madjej @ fireblocks com
costy @ fireblocks com
couteau @ irif fr
joux @ cispa de
n makriyannis @ gmail com - History
- 2024-12-06: approved
- 2024-12-02: received
- See all versions
- Short URL
- https://ia.cr/2024/1950
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/1950, author = {Michael Adjedj and Constantin Blokh and Geoffroy Couteau and Antoine Joux and Nikolaos Makriyannis}, title = {Two-Round {2PC} {ECDSA} at the Cost of 1 {OLE}}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/1950}, year = {2024}, url = {https://eprint.iacr.org/2024/1950} }