Harry W. H. Wong (The Chinese University of Hong Kong), Jack P. K. Ma (The Chinese University of Hong Kong), Hoover H. F. Yin (The Chinese University of Hong Kong), Sherman S. M. Chow (The Chinese University of Hong Kong)

Threshold ECDSA recently regained popularity due to decentralized applications such as DNSSEC and cryptocurrency asset custody. Latest (communication-optimizing) schemes often assume all n or at least n' >= t participating users remain honest throughout the pre-signing phase, essentially degenerating to n'-out-of-n' multiparty signing instead of t-out-of-n threshold signing. When anyone misbehaves, all signers must restart from scratch, rendering prior computation and communication in vain. This hampers the adoption of threshold ECDSA in time-critical situations and confines its use to a small signing committee.

To mitigate such denial-of-service vulnerabilities prevalent in state-of-the-art, we propose a robust threshold ECDSA scheme that achieves the t-out-of-n threshold flexibility "for real" throughout the whole pre-signing and signing phases without assuming an honest majority. Our scheme is desirable when computational resources are scarce and in a decentralized setting where faults are easier to be induced. Our design features 4-round pre-signing, O(n) cheating identification, and self-healing machinery over distributive shares. Prior arts mandate abort after an O(n^2)-cost identification, albeit with 3-round pre-signing (Canetti et al., CCS '20), or O(n) using 6 rounds (Castagnos et al., TCS '23). Empirically, our scheme saves up to ~30% of the communication cost, depending on at which stage the fault occurred.

View More Papers

Let Me Unwind That For You: Exceptions to Backward-Edge...

Victor Duta (Vrije Universiteit Amsterdam), Fabian Freyer (University of California San Diego), Fabio Pagani (University of California, Santa Barbara), Marius Muench (Vrije Universiteit Amsterdam), Cristiano Giuffrida (Vrije Universiteit Amsterdam)

Read More

Efficient Privacy-Preserved Processing of Multimodal Data for Vehicular Traffic...

Meisam Mohammady (Iowa State University), Reza Arablouei (Data61, CSIRO)

Read More

QUICforge: Client-side Request Forgery in QUIC

Yuri Gbur (Technische Universität Berlin), Florian Tschorsch (Technische Universität Berlin)

Read More