Paper 2020/084
Bandwidth-efficient threshold EC-DSA
Guilhem Castagnos, Dario Catalano, Fabien Laguillaumie, Federico Savasta, and Ida Tucker
Abstract
Threshold Signatures allow n parties to share the power of issuing digital signatures so that any coalition of size at least (t+1) can sign, whereas groups of t or less players cannot. Over the last few years many schemes addressed the question of realizing efficient threshold variants for the specific case of EC-DSA signatures. In this paper we present new solutions to the problem that aim at reducing the overall bandwidth consumption. Our main contribution is a new variant of the Gennaro and Goldfeder protocol from ACM CCS 2018 that avoids all the required range proofs, while retaining provable security against malicious adver- saries in the dishonest majority setting. Our experiments show that – for all levels of security – our signing protocol reduces the bandwidth consumption of best previously known secure protocols for factors varying between 4.4 and 9, while key generation is consistently two times less expensive. Furthermore compared to these same protocols, our signature generation is faster for 192-bits of security and beyond.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Minor revision. PKC 2020
- Keywords
- threshold signaturesECDSAclass groupsbandwidth efficient
- Contact author(s)
- ida tucker @ ens-lyon fr
- History
- 2021-09-09: last of 2 revisions
- 2020-01-28: received
- See all versions
- Short URL
- https://ia.cr/2020/084
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2020/084,
author = {Guilhem Castagnos and Dario Catalano and Fabien Laguillaumie and Federico Savasta and Ida Tucker},
title = {Bandwidth-efficient threshold EC-DSA},
howpublished = {Cryptology ePrint Archive, Paper 2020/084},
year = {2020},
note = {\url{https://eprint.iacr.org/2020/084}},
url = {https://eprint.iacr.org/2020/084}
}
