Skip to main content
SpringerLink
Log in
SpringerLink
Log in

Promise \(\varSigma \)-Protocol: How to Construct Efficient Threshold ECDSA from Encryptions Based on Class Groups

  • Conference paper
  • First Online:
Advances in Cryptology – ASIACRYPT 2021 (ASIACRYPT 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13093))

Abstract

Threshold Signatures allow n parties to share the ability of issuing digital signatures so that any coalition of size at least \(t+1\) can sign, whereas groups of t or fewer players cannot. The currently known class-group-based threshold ECDSA constructions are either inefficient (requiring parallel-repetition of the underlying zero knowledge proof with small challenge space) or requiring rather non-standard low order assumption. In this paper, we present efficient threshold ECDSA protocols from encryption schemes based on class groups with neither assuming the low order assumption nor parallel repeating the underlying zero knowledge proof, yielding a significant efficiency improvement in the key generation over previous constructions.

Along the way we introduce a new notion of promise \(\varSigma \)-protocol that satisfies only a weaker soundness called promise extractability. An accepting promise \(\varSigma \)-proof for statements related to class-group-based encryptions does not establish the truth of the statement but provides security guarantees (promise extractability) that are sufficient for our applications. We also show how to simulate homomorphic operations on a (possibly invalid) class-group-based encryption whose correctness has been proven via our promise \(\varSigma \)-protocol. We believe that these techniques are of independent interest and applicable to other scenarios where efficient zero knowledge proofs for statements related to class-group is required.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    In our construction of the two-party protocol, \(\mathcal {P}_2\) does homomorphic operations only on \((c_{key,1},c_{key,2})\) (and not on \((C_{key,1},C_{key,2})\)) and sends back the resulting \(\textsf {CL}\) ciphertext.

  2. 2.

    These encoding schemes \(\mathsf{DL.Code}\) and \(\mathsf{CL.Code}\) may vary with applications, and may be randomized.

  3. 3.

    It is easy to verify that the straight-line extractor for protocol \(\varSigma _\mathrm{prom}^1\), similar to the one for protocol \(\varSigma _\mathrm{prom}^{2}\), does not require the knowledge of \(\textsf {sk}_0\) (which does not exist in protocol \(\varSigma _\mathrm{prom}^{1}\)).

References

  1. Boneh, D., Bünz, B., Fisch, B.: A survey of two verifiable delay functions. Cryptology ePrint Archive, Report 2018/712 (2018). https://eprint.iacr.org/2018/712

  2. Boneh, D., Gennaro, R., Goldfeder, S.: Using Level-1 homomorphic encryption to improve threshold DSA signatures for bitcoin wallet security. In: Lange, T., Dunkelman, O. (eds.) LATINCRYPT 2017. LNCS, vol. 11368, pp. 352–377. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-25283-0_19

    Chapter  Google Scholar 

  3. Belabas, K., Kleinjung, T., Sanso, A., Wesolowski, B.: A note on the low order assumption in class group of an imaginary quadratic number fields. Cryptology ePrint Archive, Report 2020/1310 (2020). https://eprint.iacr.org/2020/1310

  4. Castagnos, G., Catalano, D., Laguillaumie, F., Savasta, F., Tucker, I.: Two-party ECDSA from hash proof systems and efficient instantiations. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 191–221. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_7

    Chapter  Google Scholar 

  5. Castagnos, G., Catalano, D., Laguillaumie, F., Savasta, F., Tucker, I.: Bandwidth-efficient threshold EC-DSA. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. LNCS, vol. 12111, pp. 266–296. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45388-6_10

    Chapter  Google Scholar 

  6. Castagnos, G., Laguillaumie, F.: Linearly homomorphic encryption from \(\sf DDH\). In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 487–505. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16715-2_26

    Chapter  Google Scholar 

  7. Castagnos, G., Laguillaumie, F., Tucker, I.: Practical fully secure unrestricted inner product functional encryption modulo p. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 733–764. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_25

    Chapter  Google Scholar 

  8. Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, Heidelberg (2000). https://doi.org/10.1007/978-3-662-02945-9

    Book  Google Scholar 

  9. Desmedt, Y.: Society and group oriented cryptography: a new concept. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 120–127. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_8

    Chapter  Google Scholar 

  10. Doerner, J., Kondi, Y., Lee, E., Shelat, A.: Secure two-party threshold ECDSA from ECDSA assumptions. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 980–997 (2018)

    Google Scholar 

  11. Doerner, J., Kondi, Y., Lee, E., Shelat, A.: Threshold ECDSA from ECDSA assumptions: the multiparty case. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 1051–1066 (2019)

    Google Scholar 

  12. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12

    Chapter  Google Scholar 

  13. Gennaro, R., Goldfeder, S.: Fast multiparty threshold ECDSA with fast trustless setup. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, pp. 1179–1194. Association for Computing Machinery, New York (2018)

    Google Scholar 

  14. Gennaro, R., Goldfeder, S.: One round threshold ECDSA with identifiable abort. Cryptology ePrint Archive, Report 2020/540 (2020). https://eprint.iacr.org/2020/540

  15. Gennaro, R., Goldfeder, S., Narayanan, A.: Threshold-optimal DSA/ECDSA signatures and an application to bitcoin wallet security. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 156–174. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39555-5_9

    Chapter  MATH  Google Scholar 

  16. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust threshold DSS signatures. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 354–371. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_31

    Chapter  Google Scholar 

  17. Girault, M., Poupard, G., Stern, J.: On the fly authentication and signature schemes based on groups of unknown order. J. Cryptol. 19, 463–487 (2006)

    Article  MathSciNet  Google Scholar 

  18. Lindell, Y.: Fast secure two-party ECDSA signing. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 613–644. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_21

    Chapter  Google Scholar 

  19. Lindell, Y., Nof, A.: Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, pp. 1837–1854. Association for Computing Machinery, New York (2018)

    Google Scholar 

  20. MacKenzie, P., Reiter, M.K.: Two-party generation of DSA signatures. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 137–154. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_8

    Chapter  Google Scholar 

  21. Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_33

    Chapter  Google Scholar 

  22. Yuen, T.H., Cui, H., Xie, X.: Compact zero-knowledge proofs for threshold ECDSA with trustless setup. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12710, pp. 481–511. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75245-3_18

    Chapter  Google Scholar 

Download references

Acknowledgments

We would like to thank the anonymous reviewers for their valuable suggestions. We are supported by the National Natural Science Foundation of China (Grant No. 61932019, No. 61772521 and No. 61772522) and the Key Research Program of Frontier Sciences, CAS (Grant No. QYZDB-SSW-SYS035).

Author information

Authors and Affiliations

  1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Yi Deng, Shunli Ma, Xinxuan Zhang & Hailong Wang

  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

    Yi Deng, Shunli Ma, Xinxuan Zhang & Hailong Wang

  3. Shanghai Key Laboratory of Privacy-Preserving Computation, Shanghai, China

    Xuyang Song & Xiang Xie

Authors
  1. Yi Deng
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shunli Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xinxuan Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hailong Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Xuyang Song
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Xiang Xie
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Yi Deng , Shunli Ma , Xinxuan Zhang , Hailong Wang , Xuyang Song or Xiang Xie .

Editor information

Editors and Affiliations

  1. NTT Corporation, Tokyo, Japan

    Mehdi Tibouchi

  2. Nanyang Technological University, Singapore, Singapore

    Huaxiong Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2021 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Deng, Y., Ma, S., Zhang, X., Wang, H., Song, X., Xie, X. (2021). Promise \(\varSigma \)-Protocol: How to Construct Efficient Threshold ECDSA from Encryptions Based on Class Groups. In: Tibouchi, M., Wang, H. (eds) Advances in Cryptology – ASIACRYPT 2021. ASIACRYPT 2021. Lecture Notes in Computer Science(), vol 13093. Springer, Cham. https://doi.org/10.1007/978-3-030-92068-5_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-92068-5_19

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92067-8

  • Online ISBN: 978-3-030-92068-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation