TY - GEN
T1 - Efficient Online-friendly Two-Party ECDSA Signature
AU - Xue, Haiyang
AU - Au, Man Ho
AU - Xie, Xiang
AU - Yuen, Tsz Hon
AU - Cui, Handong
N1 - Funding Information:
We would like to thank Xuyang Song and Xueli Wang for their help in the experiments. Haiyang Xue is supported by the National Natural Science Foundation of China (No. 62172412), the National Key Research and Development Program of China (No. 2020YFB1807502). Man Ho Au is supported by the National Natural Science Foundation of China (No. 61972332), the Research Grant Council of Hong Kong (GRF Project 15211120).
Publisher Copyright:
© 2021 ACM.
PY - 2021/11/12
Y1 - 2021/11/12
N2 - Two-party ECDSA signatures have received much attention due to their widespread deployment in cryptocurrencies. Depending on whether or not the message is required, we could divide two-party signing into two different phases, namely, offline and online. Ideally, the online phase should be made as lightweight as possible. At the same time, the cost of the offline phase should remain similar to that of a normal signature generation. However, the existing two-party protocols of ECDSA are not optimal: either their online phase requires decryption of a ciphertext, or their offline phase needs at least two executions of multiplicative-to-additive conversion, which dominates the overall complexity. This paper proposes an online-friendly two-party ECDSA with a lightweight online phase and a single multiplicative-to-additive function in the offline phase. It is constructed by a novel design of a re-sharing of the secret key and a linear sharing of the nonce. Our scheme significantly improves on previous protocols based on either oblivious transfer or homomorphic encryption. We implement our scheme and show that it outperforms prior online-friendly schemes (i.e., those that have a lightweight online cost) by a factor of roughly 2 to 9 in both communication and computation. Furthermore, our two-party scheme could be easily extended to the 2-out-of-n threshold ECDSA.
KW - blockchain
KW - ECDSA
KW - threshold signature
KW - two-party signature
KW - zero-knowledge proof
UR - http://www.scopus.com/inward/record.url?scp=85119353497&partnerID=8YFLogxK
U2 - 10.1145/3460120.3484803
DO - 10.1145/3460120.3484803
M3 - Conference article published in proceeding or book
AN - SCOPUS:85119353497
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 558
EP - 573
BT - CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
T2 - 27th ACM Annual Conference on Computer and Communication Security, CCS 2021
Y2 - 15 November 2021 through 19 November 2021
ER -