ABSTRACT
The Elliptic Curve Digital Signature Algorithm (ECDSA) is a crucial authentication component of many modern internet and communication systems. It is used in domains such as cryptocurrency, IoT, e-health, e-banking, e-governance, etc. With the spread of open, distributed and collaborative systems brought by the sharing economy, interest in generating ECDSA signatures in a distributed manner, i.e. threshold signatures, has grown in recent years. Threshold ECDSA based on multiparty computation (MPC) enables two or more entities of a communication system to generate a signature in a distributed manner: any subset of t + 1 parties of a group of size n can generate a signature, whereas any subset of t or fewer cannot. Building threshold ECDSA requires considerable expertise. Thus, in this paper, we provide an overview of how to build a threshold ECDSA scheme in a unified, structured way, and we briefly describe the different cryptographic building blocks required to provide secure communication between participants in the presence of malicious parties. We also review the state of the art of threshold ECDSA as built by the most recent works, and we provide a comparison between the best-known schemes that assume a dishonest majority. Finally, we highlight some challenges and open issues.
Index Terms
- Demystifying Threshold Elliptic Curve Digital Signature Algorithm for MultiParty Applications