Threshold ECDSA with an Offline Recovery Party / Battagliola, M.; Longo, R.; Meneghetti, A.; Sala, M.. - In: MEDITERRANEAN JOURNAL OF MATHEMATICS. - ISSN 1660-5446. - 19:1(2022), pp. 401-429. [10.1007/s00009-021-01886-3]
Threshold ECDSA with an Offline Recovery Party
Battagliola M.; Longo R.; Meneghetti A.; Sala M.
2022-01-01
Abstract
A (t, n)-threshold signature scheme enables distributed signing among n players such that any subset of size at least t can sign, whereas any subset with fewer players cannot. Our goal is to produce digital signatures that are compatible with an existing centralized signature scheme: the key-generation and signature algorithms are replaced by a communication protocol between the players, but the verification algorithm remains identical to that of a signature issued using the centralized algorithm. Starting from the threshold scheme for the ECDSA signature due to Gennaro and Goldfeder, we present the first protocol that supports multiparty signatures with an offline participant during the key-generation phase and that does not rely on a trusted third party. Under standard assumptions on the underlying algebraic and geometric problems (e.g. the Discrete Logarithm Problem for an elliptic curve and the computation of e-th root on semi-prime residue rings), we prove our scheme secure against adaptive malicious adversaries.

File | Size | Format |
---|---|---|
Battagliola2021_Article_ThresholdECDSAWithAnOfflineRec.pdf (open access; Type: Publisher's version (Publisher’s layout); License: All rights reserved) | 528.98 kB | Adobe PDF |