Harry W. H. Wong (The Chinese University of Hong Kong), Jack P. K. Ma (The Chinese University of Hong Kong), Hoover H. F. Yin (The Chinese University of Hong Kong), Sherman S. M. Chow (The Chinese University of Hong Kong)

Threshold ECDSA recently regained popularity due to decentralized applications such as DNSSEC and cryptocurrency asset custody. Latest (communication-optimizing) schemes often assume all n or at least n' >= t participating users remain honest throughout the pre-signing phase, essentially degenerating to n'-out-of-n' multiparty signing instead of t-out-of-n threshold signing. When anyone misbehaves, all signers must restart from scratch, rendering prior computation and communication in vain. This hampers the adoption of threshold ECDSA in time-critical situations and confines its use to a small signing committee.

To mitigate such denial-of-service vulnerabilities prevalent in state-of-the-art, we propose a robust threshold ECDSA scheme that achieves the t-out-of-n threshold flexibility "for real" throughout the whole pre-signing and signing phases without assuming an honest majority. Our scheme is desirable when computational resources are scarce and in a decentralized setting where faults are easier to be induced. Our design features 4-round pre-signing, O(n) cheating identification, and self-healing machinery over distributive shares. Prior arts mandate abort after an O(n^2)-cost identification, albeit with 3-round pre-signing (Canetti et al., CCS '20), or O(n) using 6 rounds (Castagnos et al., TCS '23). Empirically, our scheme saves up to ~30% of the communication cost, depending on at which stage the fault occurred.

View More Papers

ReScan: A Middleware Framework for Realistic and Robust Black-box...

Kostas Drakonakis (FORTH), Sotiris Ioannidis (Technical University of Crete), Jason Polakis (University of Illinois at Chicago)

Read More

FCGAT: Interpretable Malware Classification Method using Function Call Graph...

Minami Someya (Institute of Information Security), Yuhei Otsubo (National Police Academy), Akira Otsuka (Institute of Information Security)

Read More

Non-Interactive Privacy-Preserving Sybil-Free Authentication Scheme in VANETs

Mahdi Akil (Karlstad University), Leonardo Martucci (Karlstad University), Jaap-Henk Hoepman (Radboud University)

Read More

ProbFlow : Using Probabilistic Programming in Anonymous Communication Networks

Hussein Darir (University of Illinois Urbana-Champaign), Geir Dullerud (University of Illinois Urbana-Champaign), Nikita Borisov (University of Illinois Urbana-Champaign)

Read More