Abstract
An adaptor signature is a novel cryptographic primitive that ties together a signature and the leakage of a secret value. It has become an important tool for addressing the scalability and interoperability problems of blockchains. Aumayr et al. (Asiacrypt 2021) recently formalized adaptor signatures and presented a provably secure ECDSA-based adaptor signature, which requires a zero-knowledge proof in the pre-signing phase to ensure that the signer behaves correctly. However, the number of zero-knowledge proofs is linear in the number of participants. In this paper, we propose efficient ECDSA-based adaptor signature schemes and give security proofs based on ECDSA. In our schemes, the zero-knowledge proofs of the pre-signing phase can be generated in a batch and offline, while the online pre-signing algorithm is similar to the ECDSA signing algorithm and enjoys the same efficiency as ECDSA. In particular, in specific verification scenarios such as (batched) atomic swaps, our schemes reduce the number of zero-knowledge proofs in the pre-signing phase to one, independent of the number of participants. Finally, we conduct an experimental evaluation demonstrating that our ECDSA-based adaptor signature reduces online pre-signing time by about 60% compared with the state-of-the-art ECDSA-based adaptor signature.
Notes
- 1. Both parties use a time-lock to lock the exchanged coins on-chain, with timeouts \(t_1 < t_0\) so that \(U_1\) has enough time to react.
- 2. Common verification scenarios require that everyone can verify signatures. However, the pre-signature of an adaptor signature is not published on the blockchain, so it is always used in specific verification scenarios where only the participants verify the pre-signatures off-chain and others (such as miners) need not verify them.
- 3. The zero-knowledge proof system requires a straight-line extractor, also called an online extractor [12]. Straight-line extractability allows a witness y for a statement Y to be extracted from a proof \(\pi _{Y}\) in the random oracle model, and is useful in models where the rewinding proof technique is not allowed, such as UC [2].
- 4.
- 5. The signer can be seen as the hard-relation chooser: the protocol initiator, who holds the witness y.
- 6. All parties use time-locks to lock the exchanged coins \(c_0\) with timeout \(t_0\) and \(c_{i}\) with timeout \(t_i\), where \(t_i < t_0\) for \(i\in [n]\), so that each \(U_i\) has enough time to react.
- 7. The function f is defined as the projection to the x-coordinate.
- 8. \(U_0\) must check all pre-signatures: once any full signature is published on the blockchain, the witness y can be extracted and all coins can be taken.
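As an added worked example (not code from the paper or its authors), the ECDSA-based adaptor signature flow that the abstract and notes 7 and 8 refer to, in the form given by Aumayr et al.: pre-sign with nonce point \(k\cdot Y\), adapt with the witness y, and extract y from the published full signature. It assumes secp256k1 and SHA-256, omits the zero-knowledge (DLEQ) proof linking \(k\cdot G\) and \(k\cdot Y\) (so `pre_verify` checks only the algebraic relation), and handles the low-s form of the final signature, which would otherwise yield \(-y\).

```python
import hashlib, secrets
# secp256k1 constants and minimal affine point arithmetic (None = infinity)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else: lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):               # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def h(msg): return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
def f(pt): return pt[0] % N      # note 7: f projects a point to its x-coordinate

def pre_sign(sk, msg, Y, k=None):
    # nonce point is k*Y; K~ = k*G is returned so the verifier can check s~
    k = k or secrets.randbelow(N - 1) + 1
    r = f(ec_mul(k, Y))
    s_ = pow(k, -1, N) * (h(msg) + r * sk) % N
    return (r, s_, ec_mul(k, G))

def pre_verify(pk, msg, pre):    # checks s~ against K~ (DLEQ proof omitted)
    r, s_, K_ = pre
    w = pow(s_, -1, N)
    return ec_add(ec_mul(h(msg) * w % N, G), ec_mul(r * w % N, pk)) == K_

def verify(pk, msg, sig):        # standard ECDSA verification
    r, s = sig
    w = pow(s, -1, N)
    return f(ec_add(ec_mul(h(msg) * w % N, G), ec_mul(r * w % N, pk))) == r

def adapt(pre, y):               # s = s~ / y turns the pre-signature into a full one
    return (pre[0], pre[1] * pow(y, -1, N) % N)

def extract(pre, sig, Y):        # note 8: y = s~ / s once the full signature is public
    y = pre[1] * pow(sig[1], -1, N) % N
    return y if ec_mul(y, G) == Y else N - y   # low-s normalised sig gives -y
```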
References
American National Standards Institute: X9.62: Public key cryptography for the financial services industry: the elliptic curve digital signature algorithm (ECDSA) (2005)
Aumayr, L., Ersoy, O., Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., Riahi, S.: Generalized channels from limited blockchain scripts and adaptor signatures. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13091, pp. 635–664. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92075-3_22
Aumayr, L., et al.: Bitcoin-compatible virtual channels. In: 42nd IEEE Symposium on Security and Privacy, SP 2021, pp. 901–918 (2021)
Bitcoin Wiki: Payment channels (2018). https://en.bitcoin.it/wiki/Paymentchannels
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science, FOCS 2001, pp. 136–145. IEEE Computer Society (2001)
Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_7
Decker, C., Wattenhofer, R.: A fast and scalable payment network with bitcoin duplex micropayment channels. In: Pelc, A., Schwarzmann, A.A. (eds.) SSS 2015. LNCS, vol. 9212, pp. 3–18. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21741-3_1
Deshpande, A., Herlihy, M.: Privacy-preserving cross-chain atomic swaps. In: Bernhard, M., et al. (eds.) FC 2020. LNCS, vol. 12063, pp. 540–549. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-54455-3_38
Eckey, L., Faust, S., Hostáková, K., Roos, S.: Splitting payments locally while routing interdimensionally. IACR Cryptology ePrint Archive 2020, 555 (2020)
Esgin, M.F., Ersoy, O., Erkin, Z.: Post-quantum adaptor signatures and payment channel networks. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds.) ESORICS 2020. LNCS, vol. 12309, pp. 378–397. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-59013-0_19
Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12
Fischlin, M.: Communication-efficient non-interactive proofs of knowledge with online extractors. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 152–168. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_10
Gugger, J.: Bitcoin-monero cross-chain atomic swap. IACR Cryptology ePrint Archive 2020, 1126 (2020)
Lindell, Y.: Fast secure two-party ECDSA signing. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 613–644. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_21
Malavolta, G., Moreno-Sanchez, P., Kate, A., Maffei, M., Ravi, S.: Concurrency and privacy with payment-channel networks. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, pp. 455–471. ACM (2017)
Malavolta, G., Moreno-Sanchez, P., Schneidewind, C., Kate, A., Maffei, M.: Anonymous multi-hop locks for blockchain scalability and interoperability. In: 26th Annual Network and Distributed System Security Symposium, NDSS 2019 (2019)
Miller, A., Bentov, I., Bakshi, S., Kumaresan, R., McCorry, P.: Sprites and state channels: payment networks that go faster than lightning. In: Goldberg, I., Moore, T. (eds.) FC 2019. LNCS, vol. 11598, pp. 508–526. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32101-7_30
Moreno-Sanchez, P., Kate, A.: Scriptless scripts with ECDSA. Lightning-dev mailing list https://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20180426/fe978423/attachment-0001.pdf
Poelstra, A.: Lightning in scriptless scripts. mimblewimble team mailing list (2017). https://lists.launchpad.net/mimblewimble/msg00086.html
Poon, J., Dryja, T.: The bitcoin lightning network: scalable off-chain instant payments. https://lightning.network/lightning-network-paper.pdf
Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_22
Acknowledgements
We thank the anonymous reviewers for their helpful feedback. This work is supported by the National Key Research and Development Program of China (Grant No. 2021YFA1000600) and the National Natural Science Foundation of China (Grant No. 62272269).
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Tu, B., Zhang, M., Yu, C. (2022). Efficient ECDSA-Based Adaptor Signature for Batched Atomic Swaps. In: Susilo, W., Chen, X., Guo, F., Zhang, Y., Intan, R. (eds) Information Security. ISC 2022. Lecture Notes in Computer Science, vol 13640. Springer, Cham. https://doi.org/10.1007/978-3-031-22390-7_12
DOI: https://doi.org/10.1007/978-3-031-22390-7_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22389-1
Online ISBN: 978-3-031-22390-7