Efficient Multiplicative-to-Additive Function from Joye-Libert Cryptosystem and Its Application to Threshold ECDSA.

Haiyang Xue; Man Ho Au; Mengling Liu; Yin Kwan Chan; Handong Cui; Xiang Xie; Tsz Hon Yuen; Chengru Zhang

Efficient Multiplicative-to-Additive Function from Joye-Libert Cryptosystem and Its Application to Threshold ECDSA.

Haiyang Xue, Man Ho Au, Mengling Liu, Yin Kwan Chan, Handong Cui, Xiang Xie, Tsz Hon Yuen, Chengru Zhang

Department of Computing

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

5 Citations (Scopus)

Abstract

Threshold ECDSA receives interest lately due to its widespread adoption in blockchain applications. A common building block of all leading constructions involves a secure conversion of multiplicative shares into additive ones, which is called the multiplicative-to-additive (MtA) function. MtA dominates the overall complexity of all existing threshold ECDSA constructions. Specifically, O(n2) invocations of MtA are required in the case of n active signers. Hence, improvement of MtA leads directly to significant improvements for all state-of-the-art threshold ECDSA schemes.

In this paper, we design a novel MtA by revisiting the Joye-Libert (JL) cryptosystem. Specifically, we revisit JL encryption and propose a JL-based commitment, then give efficient zero-knowledge proofs for JL cryptosystem which are the first to have standard soundness. Our new MtA offers the best time-space complexity trade-off among all existing MtA constructions. It outperforms state-of-the-art constructions from Paillier by a factor of 1.85 to 2 in bandwidth and 1.2 to 1.7 in computation. It is 7X faster than those based on Castagnos-Laguillaumie encryption only at the cost of 2X more bandwidth. While our MtA is slower than OT-based constructions, it saves 18.7X in bandwidth requirement. In addition, we also design a batch version of MtA to further reduce the amortised time and space cost by another 25%.

Original language	English
Title of host publication	CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery (ACM)
Pages	2974- 2988
ISBN (Electronic)	979-8-4007-0050-7
ISBN (Print)	979-8-4007-0050-7
Publication status	Published - 21 Nov 2023
Event	2023 ACM SIGSAC Conference on Computer and Communications Security - Copenhagen, Denmark Duration: 26 Nov 2023 → 30 Nov 2023

Conference

Conference	2023 ACM SIGSAC Conference on Computer and Communications Security
Country/Territory	Denmark
City	Copenhagen
Period	26/11/23 → 30/11/23

More information

https://dl.acm.org/doi/10.1145/3576915.3616595

Cite this

Xue, H., Au, M. H., Liu, M., Chan, Y. K., Cui, H., Xie, X., Yuen, T. H., & Zhang, C. (2023). Efficient Multiplicative-to-Additive Function from Joye-Libert Cryptosystem and Its Application to Threshold ECDSA. In CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (pp. 2974- 2988). Association for Computing Machinery (ACM). https://dl.acm.org/doi/10.1145/3576915.3616595

@inproceedings{a3d3c2c1a06e480bbdd2b177d7db1ffd,

title = "Efficient Multiplicative-to-Additive Function from Joye-Libert Cryptosystem and Its Application to Threshold ECDSA.",

abstract = "Threshold ECDSA receives interest lately due to its widespread adoption in blockchain applications. A common building block of all leading constructions involves a secure conversion of multiplicative shares into additive ones, which is called the multiplicative-to-additive (MtA) function. MtA dominates the overall complexity of all existing threshold ECDSA constructions. Specifically, O(n2) invocations of MtA are required in the case of n active signers. Hence, improvement of MtA leads directly to significant improvements for all state-of-the-art threshold ECDSA schemes.In this paper, we design a novel MtA by revisiting the Joye-Libert (JL) cryptosystem. Specifically, we revisit JL encryption and propose a JL-based commitment, then give efficient zero-knowledge proofs for JL cryptosystem which are the first to have standard soundness. Our new MtA offers the best time-space complexity trade-off among all existing MtA constructions. It outperforms state-of-the-art constructions from Paillier by a factor of 1.85 to 2 in bandwidth and 1.2 to 1.7 in computation. It is 7X faster than those based on Castagnos-Laguillaumie encryption only at the cost of 2X more bandwidth. While our MtA is slower than OT-based constructions, it saves 18.7X in bandwidth requirement. In addition, we also design a batch version of MtA to further reduce the amortised time and space cost by another 25%.",

author = "Haiyang Xue and Au, {Man Ho} and Mengling Liu and Chan, {Yin Kwan} and Handong Cui and Xiang Xie and Yuen, {Tsz Hon} and Chengru Zhang",

year = "2023",

month = nov,

day = "21",

language = "English",

isbn = "979-8-4007-0050-7",

pages = "2974-- 2988",

booktitle = "CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery (ACM)",

address = "United States",

note = "2023 ACM SIGSAC Conference on Computer and Communications Security ; Conference date: 26-11-2023 Through 30-11-2023",

}

Xue, H, Au, MH, Liu, M, Chan, YK, Cui, H, Xie, X, Yuen, TH & Zhang, C 2023, Efficient Multiplicative-to-Additive Function from Joye-Libert Cryptosystem and Its Application to Threshold ECDSA. in CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery (ACM), pp. 2974- 2988, 2023 ACM SIGSAC Conference on Computer and Communications Security, Copenhagen, Denmark, 26/11/23. <https://dl.acm.org/doi/10.1145/3576915.3616595>

Efficient Multiplicative-to-Additive Function from Joye-Libert Cryptosystem and Its Application to Threshold ECDSA. / Xue, Haiyang; Au, Man Ho; Liu, Mengling et al.
CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery (ACM), 2023. p. 2974- 2988.

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

TY - GEN

T1 - Efficient Multiplicative-to-Additive Function from Joye-Libert Cryptosystem and Its Application to Threshold ECDSA.

AU - Xue, Haiyang

AU - Au, Man Ho

AU - Liu, Mengling

AU - Chan, Yin Kwan

AU - Cui, Handong

AU - Xie, Xiang

AU - Yuen, Tsz Hon

AU - Zhang, Chengru

PY - 2023/11/21

Y1 - 2023/11/21

N2 - Threshold ECDSA receives interest lately due to its widespread adoption in blockchain applications. A common building block of all leading constructions involves a secure conversion of multiplicative shares into additive ones, which is called the multiplicative-to-additive (MtA) function. MtA dominates the overall complexity of all existing threshold ECDSA constructions. Specifically, O(n2) invocations of MtA are required in the case of n active signers. Hence, improvement of MtA leads directly to significant improvements for all state-of-the-art threshold ECDSA schemes.In this paper, we design a novel MtA by revisiting the Joye-Libert (JL) cryptosystem. Specifically, we revisit JL encryption and propose a JL-based commitment, then give efficient zero-knowledge proofs for JL cryptosystem which are the first to have standard soundness. Our new MtA offers the best time-space complexity trade-off among all existing MtA constructions. It outperforms state-of-the-art constructions from Paillier by a factor of 1.85 to 2 in bandwidth and 1.2 to 1.7 in computation. It is 7X faster than those based on Castagnos-Laguillaumie encryption only at the cost of 2X more bandwidth. While our MtA is slower than OT-based constructions, it saves 18.7X in bandwidth requirement. In addition, we also design a batch version of MtA to further reduce the amortised time and space cost by another 25%.

AB - Threshold ECDSA receives interest lately due to its widespread adoption in blockchain applications. A common building block of all leading constructions involves a secure conversion of multiplicative shares into additive ones, which is called the multiplicative-to-additive (MtA) function. MtA dominates the overall complexity of all existing threshold ECDSA constructions. Specifically, O(n2) invocations of MtA are required in the case of n active signers. Hence, improvement of MtA leads directly to significant improvements for all state-of-the-art threshold ECDSA schemes.In this paper, we design a novel MtA by revisiting the Joye-Libert (JL) cryptosystem. Specifically, we revisit JL encryption and propose a JL-based commitment, then give efficient zero-knowledge proofs for JL cryptosystem which are the first to have standard soundness. Our new MtA offers the best time-space complexity trade-off among all existing MtA constructions. It outperforms state-of-the-art constructions from Paillier by a factor of 1.85 to 2 in bandwidth and 1.2 to 1.7 in computation. It is 7X faster than those based on Castagnos-Laguillaumie encryption only at the cost of 2X more bandwidth. While our MtA is slower than OT-based constructions, it saves 18.7X in bandwidth requirement. In addition, we also design a batch version of MtA to further reduce the amortised time and space cost by another 25%.

M3 - Conference article published in proceeding or book

SN - 979-8-4007-0050-7

SP - 2974

EP - 2988

BT - CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery (ACM)

T2 - 2023 ACM SIGSAC Conference on Computer and Communications Security

Y2 - 26 November 2023 through 30 November 2023

ER -

Efficient Multiplicative-to-Additive Function from Joye-Libert Cryptosystem and Its Application to Threshold ECDSA.

Abstract

Conference

More information

Fingerprint

Cite this