Abstract
Adaptor signatures extend the functionality of regular signatures through the computation of pre-signatures on messages for statements of NP relations. Pre-signatures are publicly verifiable; they simultaneously hide and commit to a signature of an underlying signature scheme on that message. Anybody possessing a corresponding witness for the statement can adapt the pre-signature to obtain the “regular” signature. Adaptor signatures have found numerous applications for conditional payments in blockchain systems, like payment channels (CCS’20, CCS’21), private coin mixing (CCS’22, SP’23), and oracle-based payments (NDSS’23).
In our work, we revisit the state of the security of adaptor signatures and their constructions. In particular, our two main contributions are:
- Security Gaps and Definitions: We review the widely-used security model of adaptor signatures due to Aumayr et al. (AC’21) and identify gaps in their definitions that render known protocols for private coin-mixing and oracle-based payments insecure. We give simple counterexamples of adaptor signatures that are secure w.r.t. their definitions but result in insecure instantiations of these protocols. To fill these gaps, we identify a minimal set of modular definitions that align with these practical applications.
- Secure Constructions: Despite their popularity, all known constructions are (1) derived from identification schemes via the Fiat-Shamir transform in the random oracle model or (2) require modifications to the underlying signature verification algorithm, thus making the construction useless in the setting of cryptocurrencies. More concerningly, all known constructions were proven secure w.r.t. the insufficient definitions of Aumayr et al., leaving us with no provably secure adaptor signature scheme to use in applications.
Firstly, in this work, we salvage all current applications by proving the security of the widely-used Schnorr adaptor signatures under our proposed definitions. We then provide several new constructions, including presenting the first adaptor signature schemes for Camenisch-Lysyanskaya (CL), Boneh-Boyen-Shacham (BBS+), and Waters signatures, all of which are proven secure in the standard model. Our new constructions rely on a new abstraction of digital signatures, called dichotomic signatures, which covers the essential properties we need to build adaptor signatures. Proving the security of all constructions (including identification-based schemes) relies on a novel non-black-box proof technique. Both our digital signature abstraction and the proof technique could be of independent interest to the community.
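To make the pre-sign / adapt / extract flow of the abstract concrete, the following is an added Python sketch of a Schnorr adaptor signature over secp256k1. It is not code from the paper or its authors: the affine group arithmetic, the 64-byte point encoding and the SHA-256 challenge layout are our own simplifications (not BIP340 tagged hashing), and the message, keys and witness are constructed sample values. It shows what the abstract describes: the pre-signature is publicly verifiable yet does not itself verify as a signature, the witness holder adapts it into an ordinary Schnorr signature, and the pair (pre-signature, signature) lets anyone extract the witness.

```python
import hashlib
import secrets

# secp256k1 domain parameters (standard public constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Affine group law on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None                      # a == -b
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def scalar_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    acc = None
    k %= N
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def encode(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def challenge(R, pk, msg):
    # Simplified Fiat-Shamir challenge (our own layout, not BIP340 tagged hashing).
    h = hashlib.sha256(encode(R) + encode(pk) + msg).digest()
    return int.from_bytes(h, "big") % N

def keygen():
    sk = secrets.randbelow(N - 1) + 1
    return sk, scalar_mul(sk, G)

def pre_sign(sk, pk, msg, Y):
    """Pre-signature for statement Y = y*G: the challenge binds R + Y, not R."""
    r = secrets.randbelow(N - 1) + 1
    R = scalar_mul(r, G)
    c = challenge(point_add(R, Y), pk, msg)
    return R, (r + c * sk) % N

def pre_verify(pk, msg, Y, pre_sig):
    """Anyone can check the pre-signature without knowing the witness y."""
    R, s_pre = pre_sig
    c = challenge(point_add(R, Y), pk, msg)
    return scalar_mul(s_pre, G) == point_add(R, scalar_mul(c, pk))

def adapt(pre_sig, y):
    """Witness holder completes the signature: shift the nonce by Y and s by y."""
    R, s_pre = pre_sig
    return point_add(R, scalar_mul(y, G)), (s_pre + y) % N

def verify(pk, msg, sig):
    """Plain Schnorr verification; the verifier cannot tell an adaptor was involved."""
    R_full, s = sig
    c = challenge(R_full, pk, msg)
    return scalar_mul(s, G) == point_add(R_full, scalar_mul(c, pk))

def extract(pre_sig, sig, Y):
    """Pre-signature plus published signature reveals the witness (None on mismatch)."""
    y = (sig[1] - pre_sig[1]) % N
    return y if scalar_mul(y, G) == Y else None

def demo():
    sk, pk = keygen()
    y = secrets.randbelow(N - 1) + 1          # witness (constructed)
    Y = scalar_mul(y, G)                      # statement
    msg = b"constructed sample transaction"   # constructed message
    pre = pre_sign(sk, pk, msg, Y)
    sig = adapt(pre, y)
    return {
        "pre_verifies": pre_verify(pk, msg, Y, pre),
        "pre_is_not_a_signature": not verify(pk, msg, pre),
        "adapted_verifies": verify(pk, msg, sig),
        "witness_extracted": extract(pre, sig, Y) == y,
        "wrong_witness_fails": not verify(pk, msg, adapt(pre, (y + 1) % N)),
    }

if __name__ == "__main__":
    print(demo())
```

The last check in `demo()` is the one that matters for the conditional-payment use case: adapting with any value other than the committed witness produces a string that fails ordinary verification, so publishing a valid signature necessarily discloses the witness to whoever holds the pre-signature.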
Notes
1. We call these reductions transparent since we can “see-through” the reduction and use its code in a non-black-box way.
References
Albrecht, M.R., Cini, V., Lai, R.W.F., Malavolta, G., Thyagarajan, S.A.: Lattice-based SNARKs: publicly verifiable, preprocessing, and recursively composable. In: Dodis, Y., Shrimpton, T. (eds.) Advances in Cryptology – CRYPTO 2022, pp. 102–132. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15979-4_4
Au, M.H., Susilo, W., Mu, Y.: Constant-size dynamic k-TAA. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 111–125. Springer, Heidelberg (2006). https://doi.org/10.1007/11832072_8
Aumayr, L., et al.: Generalized channels from limited blockchain scripts and adaptor signatures. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13091, pp. 635–664. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92075-3_22
Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Denning, D.E., et al. (eds.) ACM CCS 93: 1st Conference on Computer and Communications Security, pp. 62–73. ACM Press, Fairfax, Virginia, USA (1993)
Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (extended abstract). In: 20th Annual ACM Symposium on Theory of Computing, Chicago, IL, USA, pp. 103–112. ACM Press (1988)
Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_4
Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_3
Boneh, D., Shen, E., Waters, B.: Strongly unforgeable signatures based on computational Diffie-Hellman. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 229–240. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_15
Brickell, E., Li, J.: Enhanced privacy ID from bilinear pairing. Cryptology ePrint Archive, Report 2009/095 (2009). https://eprint.iacr.org/2009/095
Camenisch, J., Drijvers, M., Lehmann, A.: Anonymous attestation using the strong Diffie-Hellman assumption revisited. Cryptology ePrint Archive, Report 2016/663 (2016). https://eprint.iacr.org/2016/663
Camenisch, J., Drijvers, M., Lehmann, A.: Anonymous attestation using the strong Diffie-Hellman assumption revisited. In: Franz, M., Papadimitratos, P. (eds.) Trust 2016. LNCS, vol. 9824, pp. 1–20. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45572-3_1
Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36413-7_20
Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004)
Dai, W., Okamoto, T., Yamamoto, G.: Stronger security and generic constructions for adaptor signatures. In: Isobe, T., Sarkar, S. (eds.) Progress in Cryptology – INDOCRYPT 2022, pp. 52–77. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22912-1_3
Decker, C., Wattenhofer, R.: A fast and scalable payment network with bitcoin duplex micropayment channels. In: Pelc, A., Schwarzmann, A.A. (eds.) SSS 2015. LNCS, vol. 9212, pp. 3–18. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21741-3_1
Eckey, L., et al.: Splitting payments locally while routing interdimensionally. Cryptology ePrint Archive, Report 2020/555 (2020). https://eprint.iacr.org/2020/555
Erwig, A., Faust, S., Hostáková, K., Maitra, M., Riahi, S.: Two-party adaptor signatures from identification schemes. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12710, pp. 451–480. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75245-3_17
Esgin, M.F., Ersoy, O., Erkin, Z.: Post-quantum adaptor signatures and payment channel networks. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds.) ESORICS 2020. LNCS, vol. 12309, pp. 378–397. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-59013-0_19
Finema: Enterprise Decentralized Identity (2024). https://finema.co
Fischlin, M.: Communication-efficient non-interactive proofs of knowledge with online extractors. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 152–168. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_10
Glaeser, N., et al.: Foundations of coin mixing services. In: Yin, H., et al. (eds.) ACM CCS 2022: 29th Conference on Computer and Communications Security, pp. 1259–1273. ACM Press, Los Angeles, CA, USA (2022)
Hyperledger Ursa (2019). https://github.com/hyperledger/ursa
Looker, T., et al.: The BBS signature scheme. Internet-Draft draft-irtf-cfrg-bbs-signatures-02, Work in Progress. Internet Engineering Task Force, 71 pp. (2023)
Madathil, V., et al.: Cryptographic oracle-based conditional payments. Cryptology ePrint Archive, Paper 2022/499 (2022). https://eprint.iacr.org/2022/499
Madathil, V., et al.: Cryptographic oracle-based conditional payments. In: Proceedings 2023 Network and Distributed System Security Symposium (2023)
Malavolta, G., et al.: Anonymous multi-hop locks for blockchain scalability and interoperability. In: ISOC Network and Distributed System Security Symposium - NDSS 2019. The Internet Society, San Diego (2019)
Miller, A., Bentov, I., Bakshi, S., Kumaresan, R., McCorry, P.: Sprites and state channels: payment networks that go faster than lightning. In: Goldberg, I., Moore, T. (eds.) FC 2019. LNCS, vol. 11598, pp. 508–526. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32101-7_30
Poelstra, A.: Scriptless scripts. Presentation slides (2017)
Qin, X., et al.: BlindHub: bitcoin-compatible privacy-preserving payment channel hubs supporting variable amounts. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 2462–2480 (2023)
Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptology 4(3), 161–174 (1991)
Tairi, E., Moreno-Sanchez, P., Maffei, M.: Post-quantum adaptor signature for privacy-preserving off-chain payments. Cryptology ePrint Archive, Report 2020/1345 (2020). https://eprint.iacr.org/2020/1345
Tsang, P.P., et al.: Blacklistable anonymous credentials: blocking misbehaving users without TTPs. In: Ning, P., De Capitani di Vimercati, S., Syverson, P.F. (eds.) ACM CCS 2007: 14th Conference on Computer and Communications Security, pp. 72–81. ACM Press, Alexandria, Virginia, USA (2007)
Acknowledgments
We thank the anonymous reviewers for their very helpful comments and suggestions. This work was partially supported by Deutsche Forschungsgemeinschaft as part of the Research and Training Group 2475 “Cybercrime and Forensic Computing” (grant number 393541319/GRK2475/1-2019) and grant 442893093, by the state of Bavaria at the Nuremberg Campus of Technology (NCT), which is a research cooperation between the Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) and the Technische Hochschule Nürnberg Georg Simon Ohm (THN), and by the Smart Networks and Services Joint Undertaking (SNS JU) under the European Union’s Horizon Europe research and innovation program in the scope of the CONFIDENTIAL6G project under Grant Agreement 101096435. The contents of this publication are the sole responsibility of the authors and do not in any way reflect the views of the EU.
Copyright information
© 2024 International Association for Cryptologic Research
About this paper
Cite this paper
Gerhart, P., Schröder, D., Soni, P., Thyagarajan, S.A. (2024). Foundations of Adaptor Signatures. In: Joye, M., Leander, G. (eds) Advances in Cryptology – EUROCRYPT 2024. EUROCRYPT 2024. Lecture Notes in Computer Science, vol 14652. Springer, Cham. https://doi.org/10.1007/978-3-031-58723-8_6
DOI: https://doi.org/10.1007/978-3-031-58723-8_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-58722-1
Online ISBN: 978-3-031-58723-8
eBook Packages: Computer Science; Computer Science (R0)