hal.structure.identifier: Lithe and fast algorithmic number theory [LFANT]
hal.structure.identifier: Analyse cryptographique et arithmétique [CANARI]
dc.contributor.author: CASTAGNOS, Guilhem
hal.structure.identifier: Università degli studi di Catania = University of Catania [Unict]
dc.contributor.author: CATALANO, Dario
hal.structure.identifier: Exact Computing [LIRMM | ECO]
dc.contributor.author: LAGUILLAUMIE, Fabien
hal.structure.identifier: Università degli studi di Catania = University of Catania [Unict]
dc.contributor.author: SAVASTA, Federico
hal.structure.identifier: Institute IMDEA Software [Madrid]
dc.contributor.author: TUCKER, Ida
dc.date.accessioned: 2024-04-04T02:36:37Z
dc.date.available: 2024-04-04T02:36:37Z
dc.date.issued: 2023
dc.identifier.issn: 1879-2294
dc.identifier.uri: https://oskar-bordeaux.fr/handle/20.500.12278/190733
dc.description.abstractEn: Due to their use in crypto-currencies, threshold ECDSA signatures have received much attention in recent years. Though efficient solutions now exist both for the two-party and the full threshold scenario, there is still much room for improvement, be it in terms of protocol functionality, strengthening security or further optimising efficiency. In the past few months, a range of protocols have been published, allowing for a non-interactive (and hence extremely efficient) signing protocol, and providing new features such as identifiable aborts (parties can be held accountable if they cause the protocol to fail), fairness in the honest-majority setting (all parties receive output or nobody does) and other properties. In some cases, security is proven in the strong simulation-based model. We combine ideas from the aforementioned articles with the suggestion of Castagnos et al. (PKC 2020) to use the class-group-based CL framework so as to drastically reduce bandwidth consumption. Building upon this latter protocol, we present a new, maliciously secure, full threshold ECDSA protocol that achieves additional features without sacrificing efficiency. Our most basic protocol boasts a non-interactive signature algorithm and identifiable aborts. We also propose a more advanced variant that achieves adaptive security (for the n-out-of-n case) and proactive security. Our resulting constructions improve upon state-of-the-art Paillier-based realizations achieving similar goals by up to a factor of 10 in bandwidth consumption.
dc.description.sponsorship: Calcul réparti sécurisé : Cryptographie, Combinatoire, Calcul Formel - ANR-21-CE39-0006
dc.description.sponsorship: Secure computations - ANR-22-PECY-0003
dc.language.iso: en
dc.publisher: Elsevier
dc.rights.uri: http://creativecommons.org/licenses/by/
dc.subject.en: Threshold Cryptography
dc.subject.en: EC-DSA
dc.subject.en: Digital Signatures
dc.subject.en: Multi-Party Computation
dc.subject.en: Provable Security
dc.subject.en: Class Groups
dc.title.en: Bandwidth-efficient threshold EC-DSA revisited: Online/Offline Extensions, Identifiable Aborts, Proactive and Adaptive Security
dc.type: Journal article
dc.identifier.doi: 10.1016/j.tcs.2022.10.016
dc.subject.hal: Computer Science [cs]/Cryptography and Security [cs.CR]
dc.description.sponsorshipEurope: Cryptography for Privacy and Integrity of Computation on Untrusted Machines
bordeaux.journal: Theoretical Computer Science
bordeaux.page: 78-104
bordeaux.volume: 939
bordeaux.hal.laboratories: Institut de Mathématiques de Bordeaux (IMB) - UMR 5251*
bordeaux.institution: Université de Bordeaux
bordeaux.institution: Bordeaux INP
bordeaux.institution: CNRS
bordeaux.peerReviewed: yes
hal.identifier: hal-03927198
hal.version: 1
hal.popular: no
hal.audience: International
hal.origin.link: https://hal.archives-ouvertes.fr//hal-03927198v1