Skip to main content
SpringerLink
Log in

Two-Round Stateless Deterministic Two-Party Schnorr Signatures from Pseudorandom Correlation Functions

  • Conference paper
  • First Online:
Advances in Cryptology – CRYPTO 2023 (CRYPTO 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14081))

Included in the following conference series:

Abstract

Schnorr signatures are a popular choice due to their simplicity, provable security, and linear structure that enables relatively easy threshold signing protocols. The deterministic variant of Schnorr (where the nonce is derived in a stateless manner using a PRF from the message and a long term secret) is widely used in practice since it mitigates the threats of a faulty or poor randomness generator (which in Schnorr leads to catastrophic breaches of security). Unfortunately, threshold protocols for the deterministic variant of Schnorr have so far been quite inefficient, as they make non black-box use of the PRF involved in the nonce generation.

In this paper, we present the first two-party threshold protocol for Schnorr signatures, where signing is stateless and deterministic, and only makes black-box use of the underlying cryptographic algorithms.

We present a protocol from general assumptions which achieves covert security, and a protocol that achieves full active security under standard factoring-like assumptions. Our protocols make crucial use of recent advances within the field of pseudorandom correlation functions (PCFs).

As an additional benefit, only two-rounds are needed to perform distributed signing in our protocol, connecting our work to a recent line of research on the trade-offs between round complexity and cryptographic assumptions for threshold Schnorr signatures.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Assuming that the adversary uses the general number field sieve, \(\ell (\kappa ) = \widetilde{\varTheta }(\kappa ^3)\).

  2. 2.

    \(\eta \) really should be rounded up to an integer, but this makes almost no difference.

References

  1. Kılınç Alper, H., Burdges, J.: Two-round trip schnorr multi-signatures via delinearized witnesses. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 157–188. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_7

    Chapter  Google Scholar 

  2. Aumann, Y., Lindell, Y.: Security against covert adversaries: efficient protocols for realistic adversaries. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 137–156. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_8

    Chapter  Google Scholar 

  3. Abram, D., Nof, A., Orlandi, C., Scholl, P., Shlomovits, O.: Low-bandwidth threshold ECDSA via pseudorandom correlation generators. In: 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, 22–26 May 2022, pp. 2554–2572. IEEE (2022)

    Google Scholar 

  4. Aranha, D.F., Novaes, F.R., Takahashi, A., Tibouchi, M., Yarom, Y.: LadderLeak: breaking ECDSA with less than one bit of nonce leakage. In: ACM CCS 2020, November 2020

    Google Scholar 

  5. Barwood, G.: Digital signatures using elliptic curves, message 32f519ad. 19609226@news.dial.pipex.com posted to sci.crypt., (1997)

    Google Scholar 

  6. Barker, E.: Recommendation for key management: Part 1 - general. Technical Report NIST Special Publication (SP) 800–57, Part 1, Rev. 5, National Institute of Standards and Technology, Gaithersburg, MD (2020)

    Google Scholar 

  7. Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy, May 2018

    Google Scholar 

  8. Boyle, E., Couteau, G., Gilboa, N., Ishai, Y., Kohl, L., Scholl, P.: Correlated pseudorandom functions from variable-density LPN. In: 61st FOCS, November (2020)

    Google Scholar 

  9. Brandenburger, M., Cachin, C., Lorenz, M., Kapitza, R.: Rollback and forking detection for trusted execution environments using lightweight collective memory. In: DSN 2017 (2017)

    Google Scholar 

  10. Brandão, L.T.A.N., Davidson, M.: NISTIR 8214B, Notes on Threshold EdDSA/Schnorr Signatures (2022). https://csrc.nist.gov/publications/detail/nistir/8214b/draft

  11. Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B-Y :. High-speed high-security signatures. In CHES 2011, September/October (2011)

    Google Scholar 

  12. Bonte, C., Smart, N.P., Tanguy, T.: Thresholdizing hasheddsa: MPC to the rescue. Int. J. Inf. Sec. 20(6), 879–894 (2021)

    Article  Google Scholar 

  13. Canetti, R., Gennaro, R., Goldfeder, S., Makriyannis, N., Peled, U.: UC non-interactive, proactive, threshold ECDSA with identifiable aborts. In: ACM CCS 2020, November 2020

    Google Scholar 

  14. Couteau, G., Klooß, M., Lin, H., Reichle, M.: Efficient Range Proofs with Transparent Setup from Bounded Integer Commitments. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021, Part III. LNCS, vol. 12698, pp. 247–277. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77883-5_9

    Chapter  Google Scholar 

  15. Drijvers, M., et al.: On the security of two-round multi-signatures. In: 2019 IEEE Symposium on Security and Privacy, May 2019

    Google Scholar 

  16. Desmedt, Y.: Society and group oriented cryptography: a new concept. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 120–127. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_8

    Chapter  Google Scholar 

  17. Damgård, I., Fujisaki, E.: A statistically-hiding integer commitment scheme based on groups with hidden order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 125–142. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-36178-2_8

    Chapter  Google Scholar 

  18. Dodis, Y., Halevi, S., Rothblum, R.D., Wichs, D.: Spooky Encryption and Its Applications. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part III. LNCS, vol. 9816, pp. 93–122. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53015-3_4

    Chapter  Google Scholar 

  19. Dalskov, A., Orlandi, C., Keller, M., Shrishak, K., Shulman, H.: Securing DNSSEC keys via threshold ECDSA from generic MPC. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds.) ESORICS 2020, Part II. LNCS, vol. 12309, pp. 654–673. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-59013-0_32

    Chapter  Google Scholar 

  20. Everspaugh, A., Zhai, Y., Jellinek, R., Ristenpart, T., Swift, M.: Not-so-random numbers in virtualized Linux and the whirlwind RNG. In: 2014 IEEE Symposium on Security and Privacy, May 2014

    Google Scholar 

  21. Gennaro, R., Goldfeder, S.: Fast multiparty threshold ECDSA with fast trustless setup. In: ACM CCS 2018, October 2018

    Google Scholar 

  22. Gilboa, N.: Two party RSA key generation. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 116–129. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_8

    Chapter  Google Scholar 

  23. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. J. Cryptology 20(1), 51–83 (2006). https://doi.org/10.1007/s00145-006-0347-3

    Article  MathSciNet  MATH  Google Scholar 

  24. Garillot, F., Kondi, Y., Mohassel, P., Nikolaenko, V.: Threshold Schnorr with stateless deterministic signing from standard assumptions. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 127–156. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_6

    Chapter  Google Scholar 

  25. Goldreich, O., Micali, S., Wigderson, A.: How to prove all NP statements in zero-knowledge and a methodology of cryptographic protocol design (Extended Abstract). In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 171–185. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_11

    Chapter  Google Scholar 

  26. Heninger, N.: RSA, DH and DSA in the Wild. In: Bos, J., Stam, M. (eds.), Computational Cryptography, chapter 6, pp. 140–181. Cambridge University Press (2022)

    Google Scholar 

  27. Howgrave-Graham, N., Smart, N.P.: Lattice attacks on digital signature schemes. Des. Codes Cryptogr. 23(3), 283–290 (2001)

    Article  MathSciNet  MATH  Google Scholar 

  28. Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_9

    Chapter  Google Scholar 

  29. Jawurek, M., Kerschbaum, F., Orlandi, C.: Zero-knowledge using garbled circuits: how to prove non-algebraic statements efficiently. In: ACM CCS 2013, November 2013

    Google Scholar 

  30. Kumari, R., Alimomeni, M., Safavi-Naini, R.: Performance analysis of Linux RNG in virtualized environments. In: ACM Workshop on Cloud Computing Security Workshop - CCSW 2015, New York, USA (2015)

    Google Scholar 

  31. Komlo, C., Goldberg, I.: FROST: flexible round-optimized Schnorr threshold signatures. SAC 2020(October), 21–23 (2020)

    MATH  Google Scholar 

  32. Lindell, Y.: Simple three-round multiparty schnorr signing with full simulatability. Cryptology ePrint Archive, Report 2022/374 (2022). http://eprint.iacr.org/2022/374

  33. Lindell, Y., Nof, A.: Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody. In: ACM CCS 2018, October 2018

    Google Scholar 

  34. Matetic, S., et al.: ROTE: rollback protection for trusted execution. In: USENIX Security 2017, August 2017

    Google Scholar 

  35. De Micheli, G., Heninger, N.: Recovering cryptographic keys from partial information, by example. Cryptology ePrint Archive, Report 2020/1506 (2020). https://eprint.iacr.org/2020/1506

  36. Maxwell, G., Poelstra, A., Seurin, Y., Wuille, P.: Simple schnorr multi-signatures with applications to bitcoin. Des. Codes Cryptography 87(9), 2139–2164 (2019)

    Article  MathSciNet  MATH  Google Scholar 

  37. Nicolosi, A., Krohn, M.N., Dodis, Y., Mazieres, D.: Proactive two-party signatures for user authentication. In: NDSS 2003, February 2003

    Google Scholar 

  38. Nick, J., Ruffing, T., Seurin, Y.: MuSig2: simple two-round Schnorr multi-signatures. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 189–221. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_8

    Chapter  Google Scholar 

  39. Nick, J., Ruffing, T., Seurin, Y., Wuille, P.: MuSig-DN: schnorr multi-signatures with verifiably deterministic nonces. In: ACM CCS 2020, November 2020

    Google Scholar 

  40. Orlandi, C., Scholl, P., Yakoubov, S.: The rise of Paillier: homomorphic secret sharing and public-key silent OT. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021, Part I. LNCS, vol. 12696, pp. 678–708. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77870-5_24

    Chapter  Google Scholar 

  41. Pedersen, T.P.: A threshold cryptosystem without a trusted party. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522–526. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-46416-6_47

    Chapter  Google Scholar 

  42. Parno, B., Lorch, J.R., Douceur, J.R., Mickens, J.W., McCune, J.M.: Memoir: practical state continuity for protected modules. In: 2011 IEEE Symposium on Security and Privacy, May 2011

    Google Scholar 

  43. Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_33

    Chapter  Google Scholar 

  44. Roy, L.: SoftSpokenOT: communication-computation tradeoffs in OT extension. In: CRYPTO 2022 (2022)

    Google Scholar 

  45. Roy, L., Singh, J.: Large message homomorphic secret sharing from DCR and applications. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part III. LNCS, vol. 12827, pp. 687–717. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84252-9_23

    Chapter  Google Scholar 

  46. Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptology 4(3), 161–174 (1991). https://doi.org/10.1007/BF00196725

    Article  MathSciNet  MATH  Google Scholar 

  47. Strackx, R., Piessens, F.: Ariadne: a minimal approach to state continuity. In: USENIX Security 2016, August 2016

    Google Scholar 

  48. Stinson, D.R., Strobl, R.: Provably secure distributed Schnorr signatures and a \((t, n)\) threshold scheme for implicit certificates. In: ACISP 01, July 2001

    Google Scholar 

  49. Smart, N.P., Alaoui, Y.T.: Distributing any elliptic curve based protocol. In: 17th IMA International Conference on Cryptography and Coding, December 2019

    Google Scholar 

  50. Wigley, J.: Removing need for RNG in signatures, message 5gov5d\$pad@wapping.ecs.soton.ac.uk posted to sci.crypt (1997). https://groups.google.com/group/sci.crypt/msg/a6da45bcc8939a89

  51. Wuille, P., Nick, J., Ruffing, T.: BIP 340: Schnorr signatures for secp256k1. https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki

Download references

Acknowledgments

The research described in this paper received funding from: the Concordium Blockhain Research Center, Aarhus University, Denmark; the Carlsberg Foundation under the Semper Ardens Research Project CF18-112 (BCM); the European Research Council (ERC) under the European Unions’s Horizon 2020 research and innovation programme under grant agreement No 803096 (SPEC); the Danish Independent Research Council under Grant-ID DFF-0165-00107B (C3PO).

Author information

Authors and Affiliations

  1. Aarhus University, Aarhus, Denmark

    Yashvanth Kondi, Claudio Orlandi & Lawrence Roy

Authors
  1. Yashvanth Kondi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Claudio Orlandi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lawrence Roy
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yashvanth Kondi .

Editor information

Editors and Affiliations

  1. Rambus Inc., San Jose, CA, USA

    Helena Handschuh

  2. Brown University, Providence, RI, USA

    Anna Lysyanskaya

Rights and permissions

Reprints and permissions

Copyright information

© 2023 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kondi, Y., Orlandi, C., Roy, L. (2023). Two-Round Stateless Deterministic Two-Party Schnorr Signatures from Pseudorandom Correlation Functions. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14081. Springer, Cham. https://doi.org/10.1007/978-3-031-38557-5_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-38557-5_21

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-38556-8

  • Online ISBN: 978-3-031-38557-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation