Low-Bandwidth Threshold ECDSA via Pseudorandom Correlation Generators

Abram, Damiano; Nof, Ariel; Orlandi, Claudio; Schöll, Peter; Shlomovits, Omer

doi:10.1109/sp46214.2022.9833559

Cited by 17 publications

(2 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Communication cost refers to the number of messages each party sends/broadcasts. 2 The '+' part indicates the extra cost for fault identification. For per-party computational cost, we distinguish between the cost of computing the signature and verifying intermediate values, which may only needed for fault identification.…”

Section: ) Distributively Generate Randomness K In Ciphertext;mentioning

confidence: 99%

See 1 more Smart Citation

Secure Multiparty Computation of Threshold Signatures Made More Efficient

Wong,

Ma,

Chow

2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Threshold signatures, notably ECDSA, are fundamental for securing decentralized applications. Their non-linear structure poses challenges in distributed signing, often tackled by pairwise multiplicative-to-additive share conversion, leading to O(n) communication and O(n 2 ) verification costs for each of n signers. Moreover, most schemes lack robustness, necessitating a complete restart upon fault. A pioneering work by Wong et al. (NDSS '23) still requires rolling back to the preceding round to resume signing after another round to convince all other signers.We revisit secure multiparty computation from threshold linearly homomorphic encryption (LHE). Realizing its public verifiability and fault recovery, we encompass two technical contributions to Castagnos-Laguillaumie LHE (CT-RSA '15): a 2-round robust distributed key generation (DKG) protocol in the dishonest majority setting and an accompanying zero-knowledge proof allowing extraction in an unknown-order group. We extend the DKG with dual-code-based verification (ACNS '17), upgrading its O(tn 2 )-cost private verifiability to an O(n 2 ) public one.Built on our DKG, we present the first threshold ECDSA protocol with O(1) communication and O(n) verification perparty costs while matching the lowest round complexity of nonrobust schemes (CCS '20). Empirically, we halve the computation and communication costs of the signing phase compared to stateof-the-art robust threshold ECDSA (NDSS '23). We also illustrate the versatility of our techniques with an improved threshold extension (IEEE S&P '23) of BBS+ signatures (IEEE Syst. J. '13). * Sherman Chow (corresponding author) is supported by the General Research Fund (CUHK 14210621) from Research Grant Council, Hong Kong. The authors acknowledge the anonymous reviewers for their valuable input. Special appreciation is expressed to Rosario Gennaro for providing insightful comments on a related PhD thesis.

show abstract

Section: ) Distributively Generate Randomness K In Ciphertext;mentioning

confidence: 99%

“…We refer to representative works [11], [16], [35], [48] for surveys of developments [38]. Abram et al [2] propose a non-robust scheme with 1-round pre-signing via a pseudorandom correlation generator.…”

Section: ) Reduction In Exponentiation (Section V-a)mentioning

confidence: 99%

Secure Multiparty Computation of Threshold Signatures Made More Efficient

Wong,

Ma,

Chow

2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

Correlated Pseudorandomness from Expand-Accumulate Codes

Elette

Couteau

Gilboa

et al. 2022

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

A pseudorandom correlation generator (PCG) is a recent tool for securely generating useful sources of correlated randomness, such as random oblivious transfers (OT) and vector oblivious linear evaluations (VOLE), with low communication cost.We introduce a simple new design for PCGs based on so-called expand-accumulate codes, which first apply a sparse random expander graph to replicate each message entry, and then accumulate the entries by computing the sum of each prefix. Our design offers the following advantages compared to state-of-the-art PCG constructions:• Competitive concrete efficiency backed by provable security against relevant classes of attacks;• An offline-online mode that combines simple parallelization with a cache-friendly offline phase;• Concretely efficient extensions to pseudorandom correlation functions, which enable incremental generation of new correlation instances on demand, and to new kinds of correlated randomness that include circuit-dependent correlations.To further improve the concrete computational cost, we propose a method for speeding up a fulldomain evaluation of a puncturable pseudorandom function (PPRF). This is independently motivated by other cryptographic applications of PPRFs.

show abstract