A (t, n)-threshold signature scheme enables distributed signing among n players such that any subset of size at least t can sign, whereas any subset with fewer players cannot. Our goal is to produce digital signatures that are compatible with an existing centralized signature scheme: the key-generation and signature algorithms are replaced by a communication protocol between the players, but the verification algorithm remains identical to that of a signature issued using the centralized algorithm. Starting from the threshold scheme for the ECDSA signature due to Gennaro and Goldfeder, we present the first protocol that supports multiparty signatures with an offline participant during the key-generation phase and that does not rely on a trusted third party. Under standard assumptions on the underlying algebraic and geometric problems (e.g. the Discrete Logarithm Problem for an elliptic curve and the computation of eth root on semi-prime residue rings), we prove our scheme secure against adaptive malicious adversaries.

Threshold ECDSA with an Offline Recovery Party / Battagliola, M.; Longo, R.; Meneghetti, A.; Sala, M.. - In: MEDITERRANEAN JOURNAL OF MATHEMATICS. - ISSN 1660-5446. - 19:1(2022), pp. 401-429. [10.1007/s00009-021-01886-3]

Threshold ECDSA with an Offline Recovery Party

Battagliola M.;Longo R.;Meneghetti A.;Sala M.
2022-01-01

Abstract

A (t, n)-threshold signature scheme enables distributed signing among n players such that any subset of size at least t can sign, whereas any subset with fewer players cannot. Our goal is to produce digital signatures that are compatible with an existing centralized signature scheme: the key-generation and signature algorithms are replaced by a communication protocol between the players, but the verification algorithm remains identical to that of a signature issued using the centralized algorithm. Starting from the threshold scheme for the ECDSA signature due to Gennaro and Goldfeder, we present the first protocol that supports multiparty signatures with an offline participant during the key-generation phase and that does not rely on a trusted third party. Under standard assumptions on the underlying algebraic and geometric problems (e.g. the Discrete Logarithm Problem for an elliptic curve and the computation of eth root on semi-prime residue rings), we prove our scheme secure against adaptive malicious adversaries.
2022
1
Battagliola, M.; Longo, R.; Meneghetti, A.; Sala, M.
Threshold ECDSA with an Offline Recovery Party / Battagliola, M.; Longo, R.; Meneghetti, A.; Sala, M.. - In: MEDITERRANEAN JOURNAL OF MATHEMATICS. - ISSN 1660-5446. - 19:1(2022), pp. 401-429. [10.1007/s00009-021-01886-3]
File in questo prodotto:
File Dimensione Formato  
Battagliola2021_Article_ThresholdECDSAWithAnOfflineRec.pdf

accesso aperto

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 528.98 kB
Formato Adobe PDF
528.98 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/327419
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 7
  • ???jsp.display-item.citation.isi??? 3
social impact