Paper 2024/1950

Two-Round 2PC ECDSA at the Cost of 1 OLE

Michael Adjedj, Fireblocks
Constantin Blokh, Fireblocks
Geoffroy Couteau, Université Paris Cité, CNRS, IRIF
Antoine Joux, CISPA Helmholtz Center for Information Security
Nikolaos Makriyannis, Fireblocks

Abstract

We present a novel protocol for two-party ECDSA that achieves two rounds (a single back-and-forth communication) at the cost of a single oblivious linear function evaluation (OLE). In comparison, the previous work of [DKLs18] (S&P 2018) achieves two rounds at the cost of three OLEs, while [BHL24] (Manuscript 2024) requires expensive zero-knowledge proofs on top of the OLE. We demonstrate this by proving that in the generic group model, any adversary capable of generating forgeries for our protocol can be transformed into an adversary that finds preimages for the ECDSA message digest function (e.g., the SHA family). Interestingly, our analysis is closely related to, and has ramifications for, the 'presignatures' mode of operation—[CGGMP20] (CCS 2020), [GroSho22] (EUROCRYPT 2022). Motivated by applications to embedded cryptocurrency wallets, where a single server maintains distinct, shared public keys with separate clients (i.e., a star-shaped topology), and with the goal of minimizing communication, we instantiate our protocol using Paillier encryption and suitable zero-knowledge proofs. To reduce computational overhead, we thoroughly optimize all components of our protocol under sound cryptographic assumptions, specifically small-exponent variants of RSA-style assumptions. Finally, we implement our protocol and provide benchmarks. At the 128-bit security level, the signing phase requires approximately 50 ms of computation time on a standard Linux machine, and 2 KB of bandwidth.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Threshold Signatures, 2PC, ECDSA, Presignatures, Digital Wallets
Contact author(s)
madjej @ fireblocks com
costy @ fireblocks com
couteau @ irif fr
joux @ cispa de
n makriyannis @ gmail com
History
2024-12-06: approved
2024-12-02: received
Short URL
https://ia.cr/2024/1950
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1950,
      author = {Michael Adjedj and Constantin Blokh and Geoffroy Couteau and Antoine Joux and Nikolaos Makriyannis},
      title = {Two-Round {2PC} {ECDSA} at the Cost of 1 {OLE}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1950},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1950}
}