Foundations of Adaptor Signatures

  • Conference paper
  • Part of: Advances in Cryptology – EUROCRYPT 2024 (EUROCRYPT 2024)

Abstract

Adaptor signatures extend the functionality of regular signatures through the computation of pre-signatures on messages for statements of NP relations. Pre-signatures are publicly verifiable; they simultaneously hide and commit to a signature of an underlying signature scheme on that message. Anybody possessing a corresponding witness for the statement can adapt the pre-signature to obtain the “regular” signature. Adaptor signatures have found numerous applications for conditional payments in blockchain systems, like payment channels (CCS’20, CCS’21), private coin mixing (CCS’22, SP’23), and oracle-based payments (NDSS’23).

In our work, we revisit the state of the security of adaptor signatures and their constructions. In particular, our two main contributions are:

  • Security Gaps and Definitions: We review the widely-used security model of adaptor signatures due to Aumayr et al. (AC’21) and identify gaps in their definitions that render known protocols for private coin-mixing and oracle-based payments insecure. We give simple counterexamples of adaptor signatures that are secure w.r.t. their definitions but result in insecure instantiations of these protocols. To fill these gaps, we identify a minimal set of modular definitions that align with these practical applications.

  • Secure Constructions: Despite their popularity, all known constructions are (1) derived from identification schemes via the Fiat-Shamir transform in the random oracle model or (2) require modifications to the underlying signature verification algorithm, thus making the construction useless in the setting of cryptocurrencies. More concerningly, all known constructions were proven secure w.r.t. the insufficient definitions of Aumayr et al., leaving us with no provably secure adaptor signature scheme to use in applications.

    Firstly, in this work, we salvage all current applications by proving the security of the widely-used Schnorr adaptor signatures under our proposed definitions. We then provide several new constructions, including presenting the first adaptor signature schemes for Camenisch-Lysyanskaya (CL), Boneh-Boyen-Shacham (BBS+), and Waters signatures, all of which are proven secure in the standard model. Our new constructions rely on a new abstraction of digital signatures, called dichotomic signatures, which covers the essential properties we need to build adaptor signatures. Proving the security of all constructions (including identification-based schemes) relies on a novel non-black-box proof technique. Both our digital signature abstraction and the proof technique could be of independent interest to the community.
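The pre-sign, adapt and extract flow described in the abstract, instantiated for the Schnorr adaptor signatures the paper mentions, as an added example written for this page (it is not the paper's code, nor any deployed library's). It uses the public secp256k1 parameters; the challenge-hash encoding, the tuple layouts, the function names and the constructed message are this example's own assumptions. The flow shows the four properties the applications above rely on: the pre-signature is publicly verifiable, it does not itself pass as a signature, adapting it with the witness yields a plain Schnorr signature that the unmodified verifier accepts, and anyone who sees both the pre-signature and the final signature can extract the witness.

```python
# Added example: Schnorr adaptor signatures over secp256k1 (not the paper's code).
# Group constants are the public secp256k1 parameters; challenge encoding and
# tuple layouts are this example's conventions. Affine, non-constant-time: demo only.
import hashlib
import secrets

P = 2**256 - 2**32 - 977                      # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None                                    # point at infinity


def ec_add(a, b):
    """Affine addition on y^2 = x^3 + 7 over F_P; handles doubling and inverses."""
    if a is INF or b is INF:
        return b if a is INF else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                            # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc, k = INF, k % N
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc


def ec_neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)


def challenge(r_hat, pk, msg):
    """c = H(R_hat, X, m) mod N; the byte encoding is this example's own choice."""
    h = hashlib.sha256()
    for x, y in (r_hat, pk):
        h.update(x.to_bytes(32, "big") + y.to_bytes(32, "big"))
    h.update(msg)
    return int.from_bytes(h.digest(), "big") % N


def keygen():
    """(secret scalar, public point); also serves as a witness/statement pair (y, Y = y*G)."""
    x = 1 + secrets.randbelow(N - 1)
    return x, ec_mul(x, G)


def pre_sign(sk, pk, msg, Y):
    """Pre-signature: the nonce commitment is shifted by the statement Y."""
    r = 1 + secrets.randbelow(N - 1)
    r_hat = ec_add(ec_mul(r, G), Y)           # R_hat = r*G + Y
    c = challenge(r_hat, pk, msg)
    return (r_hat, (r + c * sk) % N)          # s_tilde = r + c*x


def pre_verify(pk, msg, Y, pre_sig):
    """Public check s_tilde*G == (R_hat - Y) + c*X: the pre-signature commits to a valid signature."""
    r_hat, s_tilde = pre_sig
    c = challenge(r_hat, pk, msg)
    rhs = ec_add(ec_add(r_hat, ec_neg(Y)), ec_mul(c, pk))
    return ec_mul(s_tilde, G) == rhs


def adapt(pre_sig, y):
    """Whoever holds the witness y completes the signature: s = s_tilde + y."""
    r_hat, s_tilde = pre_sig
    return (r_hat, (s_tilde + y) % N)


def verify(pk, msg, sig):
    """Plain Schnorr verification s*G == R_hat + c*X, untouched by the adaptor layer."""
    r_hat, s = sig
    c = challenge(r_hat, pk, msg)
    return ec_mul(s, G) == ec_add(r_hat, ec_mul(c, pk))


def extract(pre_sig, sig, Y):
    """Seeing both pre-signature and final signature reveals y = s - s_tilde."""
    y = (sig[1] - pre_sig[1]) % N
    return y if ec_mul(y, G) == Y else None


def demo(msg=b"constructed message: release coins once y is revealed"):
    """Runs the full flow and returns the properties a protocol designer relies on."""
    sk, pk = keygen()
    y, Y = keygen()                           # witness y, statement Y = y*G
    pre = pre_sign(sk, pk, msg, Y)
    sig = adapt(pre, y)
    return {
        "pre_verifies": pre_verify(pk, msg, Y, pre),
        "pre_is_not_a_signature": not verify(pk, msg, pre),
        "adapted_verifies": verify(pk, msg, sig),
        "witness_extracted": extract(pre, sig, Y) == y,
        "wrong_witness_rejected": not verify(pk, msg, adapt(pre, (y + 1) % N)),
    }
```

The point of `verify` being ordinary Schnorr verification is the one the abstract's item (2) makes: a blockchain script that only knows the standard verification algorithm can accept the adapted signature without any modification. The example demonstrates the functionality only; it does not model the definitional gaps the paper identifies, which concern what an adversary can learn or forge around these algorithms rather than the algorithms themselves.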

Notes

  1. We call these reductions transparent since we can “see-through” the reduction and use its code in a non-black-box way.

References

  1. Albrecht, M.R., Cini, V., Lai, R.W.F., Malavolta, G., Thyagarajan, S.A.: Lattice-based SNARKs: publicly verifiable, preprocessing, and recursively composable. In: Dodis, Y., Shrimpton, T. (eds.) Advances in Cryptology – CRYPTO 2022, pp. 102–132. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15979-4_4

  2. Au, M.H., Susilo, W., Mu, Y.: Constant-size dynamic k-TAA. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 111–125. Springer, Heidelberg (2006). https://doi.org/10.1007/11832072_8

  3. Aumayr, L., et al.: Generalized channels from limited blockchain scripts and adaptor signatures. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13091, pp. 635–664. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92075-3_22

  4. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Denning, D.E., et al. (eds.) ACM CCS 93: 1st Conference on Computer and Communications Security, pp. 62–73. ACM Press, Fairfax, Virginia, USA (1993)

  5. Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (extended abstract). In: 20th Annual ACM Symposium on Theory of Computing. Chicago, IL, USA, pp. 103–112. ACM Press (1988)

  6. Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_4

  7. Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_3

  8. Boneh, D., Shen, E., Waters, B.: Strongly unforgeable signatures based on computational Diffie-Hellman. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 229–240. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_15

  9. Brickell, E., Li, J.: Enhanced privacy ID from bilinear pairing. Cryptology ePrint Archive, Report 2009/095 (2009). https://eprint.iacr.org/2009/095

  10. Camenisch, J., Drijvers, M., Lehmann, A.: Anonymous attestation using the strong Diffie-Hellman assumption revisited. Cryptology ePrint Archive, Report 2016/663 (2016). https://eprint.iacr.org/2016/663

  11. Camenisch, J., Drijvers, M., Lehmann, A.: Anonymous attestation using the strong Diffie-Hellman assumption revisited. In: Franz, M., Papadimitratos, P. (eds.) Trust 2016. LNCS, vol. 9824, pp. 1–20. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45572-3_1

  12. Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36413-7_20

  13. Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004)

  14. Dai, W., Okamoto, T., Yamamoto, G.: Stronger security and generic constructions for adaptor signatures. In: Isobe, T., Sarkar, S. (eds.) Progress in Cryptology – INDOCRYPT 2022, pp. 52–77. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22912-1_3

  15. Decker, C., Wattenhofer, R.: A fast and scalable payment network with Bitcoin duplex micropayment channels. In: Pelc, A., Schwarzmann, A.A. (eds.) SSS 2015. LNCS, vol. 9212, pp. 3–18. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21741-3_1

  16. Eckey, L., et al.: Splitting payments locally while routing interdimensionally. Cryptology ePrint Archive, Report 2020/555 (2020). https://eprint.iacr.org/2020/555

  17. Erwig, A., Faust, S., Hostáková, K., Maitra, M., Riahi, S.: Two-party adaptor signatures from identification schemes. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12710, pp. 451–480. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75245-3_17

  18. Esgin, M.F., Ersoy, O., Erkin, Z.: Post-quantum adaptor signatures and payment channel networks. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds.) ESORICS 2020. LNCS, vol. 12309, pp. 378–397. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-59013-0_19

  19. Finema: Enterprise Decentralized Identity (2024). https://finema.co

  20. Fischlin, M.: Communication-efficient non-interactive proofs of knowledge with online extractors. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 152–168. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_10

  21. Glaeser, N., et al.: Foundations of coin mixing services. In: Yin, H., et al. (eds.) ACM CCS 2022: 29th Conference on Computer and Communications Security, pp. 1259–1273. ACM Press, Los Angeles, CA, USA (2022)

  22. Hyperledger Ursa (2019). https://github.com/hyperledger/ursa

  23. Looker, T., et al.: The BBS signature scheme. Internet-Draft draft-irtf-cfrg-bbs-signatures-02, Work in Progress. Internet Engineering Task Force, 71 pp. (2023)

  24. Madathil, V., et al.: Cryptographic oracle-based conditional payments. Cryptology ePrint Archive, Paper 2022/499 (2022). https://eprint.iacr.org/2022/499

  25. Madathil, V., et al.: Cryptographic oracle-based conditional payments. In: Proceedings 2023 Network and Distributed System Security Symposium (2023)

  26. Malavolta, G., et al.: Anonymous multi-hop locks for blockchain scalability and interoperability. In: ISOC Network and Distributed System Security Symposium - NDSS 2019. The Internet Society, San Diego (2019)

  27. Miller, A., Bentov, I., Bakshi, S., Kumaresan, R., McCorry, P.: Sprites and state channels: payment networks that go faster than lightning. In: Goldberg, I., Moore, T. (eds.) FC 2019. LNCS, vol. 11598, pp. 508–526. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32101-7_30

  28. Poelstra, A.: Scriptless scripts. In: Presentation Slides (2017)

  29. Qin, X., et al.: BlindHub: Bitcoin-compatible privacy-preserving payment channel hubs supporting variable amounts. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 2462–2480 (2023)

  30. Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptology 4(3), 161–174 (1991)

  31. Tairi, E., Moreno-Sanchez, P., Maffei, M.: Post-quantum adaptor signature for privacy-preserving off-chain payments. Cryptology ePrint Archive, Report 2020/1345 (2020). https://eprint.iacr.org/2020/1345

  32. Tsang, P.P., et al.: Blacklistable anonymous credentials: blocking misbehaving users without TTPs. In: Ning, P., De Capitani di Vimercati, S., Syverson, P.F. (eds.) ACM CCS 2007: 14th Conference on Computer and Communications Security, pp. 72–81. ACM Press, Alexandria, Virginia, USA (2007)

Acknowledgments

We thank the anonymous reviewers for their very helpful comments and suggestions. This work was partially supported by Deutsche Forschungsgemeinschaft as part of the Research and Training Group 2475 “Cybercrime and Forensic Computing” (grant number 393541319/GRK2475/1-2019) and grant 442893093, by the state of Bavaria at the Nuremberg Campus of Technology (NCT), which is a research cooperation between the Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) and the Technische Hochschule Nürnberg Georg Simon Ohm (THN), and by the Smart Networks and Services Joint Undertaking (SNS JU) under the European Union’s Horizon Europe research and innovation program in the scope of the CONFIDENTIAL6G project under Grant Agreement 101096435. The contents of this publication are the sole responsibility of the authors and do not in any way reflect the views of the EU.

Corresponding author

Correspondence to Paul Gerhart.

Copyright information

© 2024 International Association for Cryptologic Research

About this paper

Cite this paper

Gerhart, P., Schröder, D., Soni, P., Thyagarajan, S.A. (2024). Foundations of Adaptor Signatures. In: Joye, M., Leander, G. (eds) Advances in Cryptology – EUROCRYPT 2024. EUROCRYPT 2024. Lecture Notes in Computer Science, vol 14652. Springer, Cham. https://doi.org/10.1007/978-3-031-58723-8_6

  • DOI: https://doi.org/10.1007/978-3-031-58723-8_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-58722-1

  • Online ISBN: 978-3-031-58723-8

  • eBook Packages: Computer Science, Computer Science (R0)