Abstract
Schnorr signatures are a popular choice due to their simplicity, provable security, and linear structure that enables relatively easy threshold signing protocols. The deterministic variant of Schnorr (where the nonce is derived in a stateless manner using a PRF from the message and a long-term secret) is widely used in practice since it mitigates the threats of a faulty or poor randomness generator (which in Schnorr leads to catastrophic breaches of security). Unfortunately, threshold protocols for the deterministic variant of Schnorr have so far been quite inefficient, as they make non-black-box use of the PRF involved in the nonce generation.
In this paper, we present the first two-party threshold protocol for Schnorr signatures, where signing is stateless and deterministic, and only makes black-box use of the underlying cryptographic algorithms.
We present a protocol from general assumptions which achieves covert security, and a protocol that achieves full active security under standard factoring-like assumptions. Our protocols make crucial use of recent advances within the field of pseudorandom correlation functions (PCFs).
As an additional benefit, only two rounds are needed to perform distributed signing in our protocol, connecting our work to a recent line of research on the trade-offs between round complexity and cryptographic assumptions for threshold Schnorr signatures.
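To make the two properties the abstract relies on concrete, here is an added example (not code from the paper or its authors) of plain two-party Schnorr in a toy Schnorr group: each party derives its nonce share statelessly with a PRF (HMAC-SHA256 over its long-term nonce secret and the message), and the partial signatures combine by simple addition because of the linear structure. The group parameters, HMAC-as-PRF and the honest-honest flow are assumptions for illustration; this is the naive linear combination with two honest signers, not the paper's PCF-based protocol, which is what is needed for the deterministic variant to remain safe against a dishonest co-signer.

```python
import hashlib
import hmac

# Toy Schnorr group, constructed for illustration only (far too small for real use):
# p = 2q + 1 with q prime; G = 2^2 lies in the order-q subgroup of Z_p^*.
P, Q = 2039, 1019
G = pow(2, 2, P)

def prf_nonce(nonce_secret: bytes, msg: bytes) -> int:
    """Stateless deterministic nonce share: HMAC-SHA256(secret, msg) reduced mod q.
    Same (secret, msg) always yields the same k, so no RNG is consulted at signing time."""
    return int.from_bytes(hmac.new(nonce_secret, msg, hashlib.sha256).digest(), "big") % Q

def challenge(R: int, X: int, msg: bytes) -> int:
    """Fiat-Shamir challenge e = H(R, X, m) mod q (2-byte encodings suffice for this toy group)."""
    h = hashlib.sha256(R.to_bytes(2, "big") + X.to_bytes(2, "big") + msg).digest()
    return int.from_bytes(h, "big") % Q

def key_share(seed: bytes) -> int:
    """Derive one party's additive share x_i of the signing key from a seed."""
    return int.from_bytes(hashlib.sha256(seed).digest(), "big") % Q

def joint_pubkey(x1: int, x2: int) -> int:
    # X = g^{x1} * g^{x2} = g^{x1 + x2}: the joint key is the product of the parties' keys.
    return pow(G, x1, P) * pow(G, x2, P) % P

def two_party_sign(x1: int, n1: bytes, x2: int, n2: bytes, msg: bytes):
    """Honest two-party signing: round 1 exchanges R_i, round 2 exchanges s_i."""
    X = joint_pubkey(x1, x2)
    k1, k2 = prf_nonce(n1, msg), prf_nonce(n2, msg)   # each party's deterministic nonce share
    R = pow(G, k1, P) * pow(G, k2, P) % P              # R = g^{k1 + k2}, combined from R_1, R_2
    e = challenge(R, X, msg)
    s1 = (k1 + e * x1) % Q                             # partial signature of party 1
    s2 = (k2 + e * x2) % Q                             # partial signature of party 2
    return R, (s1 + s2) % Q                            # linearity: s = (k1 + k2) + e(x1 + x2)

def verify(X: int, msg: bytes, sig) -> bool:
    """Standard single-key Schnorr verification: g^s == R * X^e."""
    R, s = sig
    e = challenge(R, X, msg)
    return pow(G, s, P) == R * pow(X, e, P) % P

# Constructed demo inputs (seeds and message are arbitrary test values).
X1, N1 = key_share(b"party-1-key-seed"), b"party-1-nonce-secret"
X2, N2 = key_share(b"party-2-key-seed"), b"party-2-nonce-secret"
MSG = b"transfer 10 units to account 42"
```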
Notes
1. Assuming that the adversary uses the general number field sieve, \(\ell (\kappa ) = \widetilde{\varTheta }(\kappa ^3)\).
2. \(\eta \) really should be rounded up to an integer, but this makes almost no difference.
Acknowledgments
The research described in this paper received funding from: the Concordium Blockchain Research Center, Aarhus University, Denmark; the Carlsberg Foundation under the Semper Ardens Research Project CF18-112 (BCM); the European Research Council (ERC) under the European Union's Horizon 2020 research and innovation programme under grant agreement No 803096 (SPEC); the Danish Independent Research Council under Grant-ID DFF-0165-00107B (C3PO).
© 2023 International Association for Cryptologic Research
About this paper
Cite this paper
Kondi, Y., Orlandi, C., Roy, L. (2023). Two-Round Stateless Deterministic Two-Party Schnorr Signatures from Pseudorandom Correlation Functions. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14081. Springer, Cham. https://doi.org/10.1007/978-3-031-38557-5_21
DOI: https://doi.org/10.1007/978-3-031-38557-5_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-38556-8
Online ISBN: 978-3-031-38557-5