CASTAGNOS, Guilhem; CATALANO, Dario; LAGUILLAUMIE, Fabien; SAVASTA, Federico; TUCKER, Ida

doi:10.1007/978-3-030-26954-8_7

Métadonnées

Afficher la notice complète

Licence d’utilisation du document

CASTAGNOS, Guilhem
Lithe and fast algorithmic number theory [LFANT]

CATALANO, Dario
Dipartimento di Matematica e Informatica [DMI]

LAGUILLAUMIE, Fabien
Arithmetic and Computing [ARIC]

Langue

Communication dans un congrès

Ce document a été publié dans

CRYPTO 2019 - 39th Annual International Cryptology Conference, 2019-08-18, Santa Barbara. 2019-08-01, vol. LNCS, n° 11694, p. 191-221

Résumé en anglais

ECDSA is a widely adopted digital signature standard. Unfortunately, efficient distributed variants of this primitive are notoriously hard to achieve and known solutions often require expensive zero knowledge proofs to deal with malicious adversaries. For the two party case, Lindell [Lin17] recently managed to get an efficient solution which, to achieve simulation-based security, relies on an interactive, non standard, assumption on Paillier’s cryptosystem. In this paper we generalize Lindell’s solution using hash proof systems. The main advantage of our generic method is that it results in a simulation-based security proof without resorting to non-standard interactive assumptions. Moving to concrete constructions, we show how to instantiate our framework using class groups of imaginary quadratic fields. Our implementations show that the practical impact of dropping such interactive assumptions is minimal. Indeed, while for 128-bit security our scheme is marginally slower than Lindell’s, for 256-bit security it turns out to be better both in key generation and signing time. Moreover, in terms of communication cost, our implementation significantly reduces both the number of rounds and the transmitted bits without exception.< Réduire