Frontiers of Computer Science (ISSN 2095-2228, ISSN 2095-2236 online, CN 10-1014/TP)
Frontiers of Computer Science  2024, Vol. 18 Issue (1): 181802   https://doi.org/10.1007/s11704-022-2288-x
Non-interactive SM2 threshold signature scheme with identifiable abort
Huiqiang LIANG, Jianhua CHEN
School of Mathematics and Statistics, Wuhan University, Wuhan 430072, China
Abstract

A threshold signature is a special digital signature in which N signers share the private key x: any subset of t signers can construct a valid signature, while fewer than t signers cannot obtain any information about it. Despite the breakthrough achievements of threshold ECDSA and threshold Schnorr signatures, existing threshold SM2 signature schemes are still limited to two parties or rely on an honest-majority setting, and there is no more effective solution for the multiparty case. To give the SM2 signature more flexible application scenarios and to promote its use in blockchain systems and secure cryptocurrency wallets, this paper designs a non-interactive threshold SM2 signature scheme based on partially homomorphic encryption and zero-knowledge proofs. Only the last round requires the message as input, which makes our scheme non-interactive, and the pre-signing process takes 2 rounds of communication after key generation. We allow an arbitrary threshold t ≤ n and design a key update strategy. The scheme achieves security with identifiable abort under a malicious majority, meaning that if the signing process fails, the party responsible for the failure can be identified. Performance analysis shows that the computation and communication costs of the pre-signing process grow linearly with the number of parties and are only 1/3 of those of Canetti et al.'s threshold ECDSA (CCS'20).

Key words: SM2 signature; secure multi-party computation; threshold signature; UC-secure; dishonest majority
Received: 2022-05-25      Published: 2023-02-21
Corresponding Author(s): Jianhua CHEN   
Author biography:

Qingyong Zheng and Ya Gao contributed equally to this work.

Cite this article:
Huiqiang LIANG, Jianhua CHEN. Non-interactive SM2 threshold signature scheme with identifiable abort. Front. Comput. Sci., 2024, 18(1): 181802.
Link to this article:
https://academic.hep.com.cn/fcs/CN/10.1007/s11704-022-2288-x
https://academic.hep.com.cn/fcs/CN/Y2024/V18/I1/181802
Sym.  SM2                            modified SM2
sk    dA                             x
pk    dA·G                           (x^-1 - 1)·G
x1    (x1, y1) = kG                  (x1, y1) = kG
e     Hv(ZA || M)                    Hv(ZA || M)
r     e + x1 mod n                   e + x1 mod n
s     (1 + dA)^-1 (k - r·dA) mod n   x(k + r) - r mod n
Tab.1
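As an added example (not code from the paper), the two signing equations of Tab.1 side by side on the SM2 recommended curve, checked against the unmodified SM2 verifier, together with the pk row (x^-1 - 1)G = dA·G. SHA-256 is a constructed stand-in for SM3 as Hv, ZA, the message, dA and k are constructed inputs, and the SM2 retries for r = 0 or r + k = n are omitted.

```python
# Added example, not the paper's code: SM2 signing in the standard form and in the
# Tab.1 modified form (sk x = (1+dA)^-1, pk (x^-1 - 1)G, s = x(k+r) - r), both checked
# with the unmodified SM2 verifier.
import hashlib, secrets

p = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF  # SM2 curve (GB/T 32918)
a = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC  # b is unused by the group law
n = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def add(P, Q):  # affine addition on y^2 = x^3 + ax + b over GF(p); None is infinity
    if P is None or Q is None:
        return P or Q
    if P[0] == Q[0] and (P[1] + Q[1]) % p == 0:
        return None
    num, den = (3 * P[0] ** 2 + a, 2 * P[1]) if P == Q else (Q[1] - P[1], Q[0] - P[0])
    lam = num * pow(den, -1, p) % p
    x3 = (lam ** 2 - P[0] - Q[0]) % p
    return x3, (lam * (P[0] - x3) - P[1]) % p

def mul(k, P):  # double-and-add; not constant time, for demonstration only
    R = None
    while k:
        if k & 1:
            R = add(R, P)
        P, k = add(P, P), k >> 1
    return R
def hv(ZA, M):  # Hv(ZA || M) as an integer; SHA-256 is a constructed stand-in for SM3
    return int.from_bytes(hashlib.sha256(ZA + M).digest(), "big")

def sign(secret, k, ZA, M, modified):
    """r = e + x1 mod n with (x1, y1) = kG; s in the standard or in the Tab.1 form."""
    r = (hv(ZA, M) + mul(k, G)[0]) % n
    if modified:  # secret is x = (1 + dA)^-1; s is linear in x and k
        return r, (secret * (k + r) - r) % n
    return r, pow(1 + secret, -1, n) * (k - r * secret) % n  # secret is dA

def verify(PA, ZA, M, sig):  # unmodified SM2 verifier: t = r + s, accept iff e + x(sG + tPA) == r
    (r, s), t = sig, sum(sig) % n
    if not (0 < r < n and 0 < s < n and t):
        return False
    R = add(mul(s, G), mul(t, PA))
    return R is not None and (hv(ZA, M) + R[0]) % n == r

def demo():  # same dA and nonce k: both forms give one signature that the verifier accepts
    dA, k = secrets.randbelow(n - 2) + 1, secrets.randbelow(n - 1) + 1
    x, PA = pow(1 + dA, -1, n), mul(dA, G)                 # Tab.1 sk and the shared pk
    pk_ok = mul((pow(x, -1, n) - 1) % n, G) == PA          # Tab.1 pk row: (x^-1 - 1)G = dA G
    ZA, M = b"constructed-ZA", b"constructed message"
    s1, s2 = sign(dA, k, ZA, M, False), sign(x, k, ZA, M, True)
    return pk_ok and s1 == s2 and verify(PA, ZA, M, s2)
```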
Step             Round  Computation                               Communication
Paillier-keygen  1      422N                                      n(2k + 334μ)
SM2Ts-keygen     6      8N + (14+t)G + 4N² + n(17N + 8G + 14N²)   9k + 7μ + n(18k + 13μ)
Pre-signing      2      8N + 4G + 4N² + t(17N + 4G + 12N²)        9k + 7μ + t(17k + 12μ)
Signing          1      0                                         nk
MultiAdd         2      8N + 3G + 4N² + n(16N + 3G + 12N²)        9k + 7μ + n(17k + 12μ)
VSS              1      tG + n(N + 5G + 2N²)                      (t+2)k + nμ
Tab.2
Step           Round  Computation                        Communication
Keygen         5      n(11G + 11N²)                      n(11k + 11μ)
Keygen(ours)   7      14G + 434N² + n(9G + 31N²)         9k + 7μ + n(19k + 346μ)
Signing        8      n(78G + 21N²)                      n(59k + 24μ)
Signing(ours)  3      4G + 12N² + n(4G + 29N²)           9k + 7μ + n(18k + 12μ)
Tab.3
Pre-signing   Round  Computation                          Communication
Three rounds  3      n(56N + 12G + 33N²)                  n(57k + 54μ)
Six rounds    6      n(49N + 29G + 33N²)                  n(67k + 51μ)
Lightweight   7      n(38N + 26G + 19N²)                  n(67k + 30μ)
Ours          2      8N + 4G + 4N² + t(17N + 4G + 12N²)   9k + 7μ + t(17k + 12μ)
Tab.4
n or t  Paillier-keygen (s)  SM2Ts-keygen (s)  Pre-signing (s)
2       15.85                17.3              16.35
3       21.27                46.28             43.27
4       29.38                86.89             83.68
5       35.79                141.82            134.93
6       44.9                 209.24            203.48
7       52.27                288.51            283.35
8       65                   386.76            378.03
9       71.72                490.02            484.11
Tab.5
ZKproof  Computation (prover)  Computation (verifier)  Communication
prm      80N                   80N                     160μ
mod      160N                  80N                     160μ
fac      10N                   11N                     2k + 11μ
log*     1G + 5N + 1N²         2G + 3N + 2N²           7k + 6μ
enc      5N + 1N²              3N + 2N²                6k + 6μ
enc*     1G + 10N + 3N²        2G + 6N + 5N²           17k + 12μ
log      1G                    2G                      2k
mul      2N²                   3N + 4N²                k + 2μ
References

1 Y Desmedt. Society and group oriented cryptography: a new concept. In: Proceedings of the Advances in Cryptology. 1988, 120–127
2 Y Desmedt, Y Frankel. Threshold cryptosystems. In: Proceedings of the Advances in Cryptology. 1990, 307–315
3 ISO. ISO/IEC 14888-3:2018 IT security techniques. Digital signatures with appendix. Part 3: Discrete logarithm based mechanisms. Geneva, Switzerland: International Organization for Standardization, 2018
4 J Nick, T Ruffing, Y Seurin. MuSig2: simple two-round Schnorr multi-signatures. In: Proceedings of the 41st Annual International Cryptology Conference on Advances in Cryptology. 2021, 189–221
5 P MacKenzie, M K Reiter. Two-party generation of DSA signatures. In: Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology. 2001, 137–154
6 R Gennaro, S Goldfeder, A Narayanan. Threshold-optimal DSA/ECDSA signatures and an application to Bitcoin wallet security. In: Proceedings of the 14th International Conference on Applied Cryptography and Network Security. 2016, 156–174
7 Y Lindell. Fast secure two-party ECDSA signing. Journal of Cryptology, 2021, 34(4): 44
8 J Doerner, Y Kondi, E Lee, A Shelat. Secure two-party threshold ECDSA from ECDSA assumptions. In: Proceedings of the 2018 IEEE Symposium on Security and Privacy (SP). 2018, 980–997
9 R Gennaro, S Goldfeder. Fast multiparty threshold ECDSA with fast trustless setup. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018, 1179–1194
10 M Pettit. Efficient threshold-optimal ECDSA. In: Proceedings of the 20th International Conference on Cryptology and Network Security. 2021, 116–135
11 R Canetti, R Gennaro, S Goldfeder, N Makriyannis, U Peled. UC non-interactive, proactive, threshold ECDSA with identifiable aborts. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 2020, 1769–1787
12 Y Lindell, A Nof. Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018, 1837–1854
13 M Shang, Y Ma, J Q Lin, J W Jing. A threshold scheme for SM2 elliptic curve cryptographic algorithm. Journal of Cryptologic Research, 2014, 1(2): 155–166
14 Y Zhang, D He, M Zhang, K K R Choo. A provable-secure and practical two-party distributed signing protocol for SM2 signature algorithm. Frontiers of Computer Science, 2020, 14(3): 143803
15 M Keller. MP-SPDZ: a versatile framework for multi-party computation. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 2020, 1575–1590
16 A Acar, H Aksu, A S Uluagac, M Conti. A survey on homomorphic encryption schemes: theory and implementation. ACM Computing Surveys, 2019, 51(4): 79
17 State Cryptography Administration. Information security technology—Public key cryptographic algorithm SM2 based on elliptic curves—Part 2: Digital signature algorithm. Beijing: State Cryptography Administration, 2016
18 P Paillier. Public-key cryptosystems based on composite degree residuosity classes. In: Proceedings of the International Conference on Advances in Cryptology. 1999, 223–238
19 D Tymokhanov, O Shlomovits. Alpha-rays: key extraction attacks on threshold ECDSA implementations. IACR Cryptology ePrint Archive, 2021, 2021:1621
20 R Gennaro, S Goldfeder. One round threshold ECDSA with identifiable abort. IACR Cryptology ePrint Archive, 2020, 2020:540
21 A Shamir. How to share a secret. Communications of the ACM, 1979, 22(11): 612–613
22 P Feldman. A practical scheme for non-interactive verifiable secret sharing. In: Proceedings of the 28th Annual Symposium on Foundations of Computer Science. 1987, 427–438
23 Y Lindell. Simple three-round multiparty Schnorr signing with full simulatability. IACR Cryptology ePrint Archive, 2022, 2022:374
24 R Cramer, I Damgård, B Schoenmakers. Proofs of partial knowledge and simplified design of witness hiding protocols. In: Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology. 1994, 174–187
25 R Cohen, I Haitner, E Omri, L Rotem. From fairness to full security in multiparty computation. Journal of Cryptology, 2022, 35(1): 4
26 O Goldreich. Foundations of Cryptography: Volume 2, Basic Applications. Cambridge: Cambridge University Press, 2009
27 R Canetti. Universally composable security: a new paradigm for cryptographic protocols. In: Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science. 2001, 136–145
28 X Li, M He. A protocol of member-join in a secret sharing scheme. In: Proceedings of the 2nd Information Security Practice and Experience. 2006, 134–141
29 J Yu, F Kong, R Hao, X Li. How to publicly verifiably expand a member without changing old shares in a secret sharing scheme. In: Proceedings of the IEEE ISI 2008 International Workshops on Intelligence and Security Informatics. 2008, 138–148
30 G Castagnos, D Catalano, F Laguillaumie, F Savasta, I Tucker. Two-party ECDSA from hash proof systems and efficient instantiations. In: Proceedings of the 39th Annual International Cryptology Conference on Advances in Cryptology. 2019, 191–221
31 J Doerner, Y Kondi, E Lee, A Shelat. Threshold ECDSA from ECDSA assumptions: the multiparty case. In: Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP). 2019, 1051–1066
32 C Wang, D Wang, Y Tu, G Xu, H Wang. Understanding node capture attacks in user authentication schemes for wireless sensor networks. IEEE Transactions on Dependable and Secure Computing, 2022, 19(1): 507–523
33 S Qiu, D Wang, G Xu, S Kumari. Practical and provably secure three-factor authentication protocol based on extended chaotic-maps for mobile lightweight devices. IEEE Transactions on Dependable and Secure Computing, 2022, 19(2): 1338–1351
34 Q Wang, D Wang, C Cheng, D He. Quantum2FA: efficient quantum-resistant two-factor authentication scheme for mobile devices. IEEE Transactions on Dependable and Secure Computing, 2021, doi:
35 Z Li, D Wang, E Morais. Quantum-safe round-optimal password authentication for mobile devices. IEEE Transactions on Dependable and Secure Computing, 2022, 19(3): 1885–1899
Supplementary material: FCS-22288-OF-HL_suppl_1