Proceedings ArticleDOI

Splitting and Aggregating Signatures in Cryptocurrency Protocols

04 Apr 2019, pp. 100-108
TL;DR: This paper proposes a simple way to manage a user's private key, under a reasonable assumption that the user has two devices at his disposal (say a laptop and a mobile phone).
Abstract: The blockchain technology and a vast amount of cryptocurrency related activities have generated an unprecedented level of interest among the public. However, even at the entry level, cryptocurrency users need to deal with the complex task of key management. In this paper, we propose a simple way to manage a user's private key, under a reasonable assumption that the user has two devices at his disposal (say a laptop and a mobile phone). We refer to our strategy as key splitting. Since these cryptographic keys are used for generating digital signatures, we should take a closer look at the signature schemes that would perform best under key splitting. At the operational level, scalability is one of the main challenges faced by the users and developers. While there are fundamental issues like consensus that challenge scalability, we focus on the computational efficiency in a block formation. Aggregation of signatures is one of the effective solutions to this problem. To this end, we observe that none of the existing signature schemes work well for BOTH key splitting and aggregation. The current popular schemes such as the ones used in Bitcoin or Schnorr's scheme implemented over elliptic curves are neither suitable for aggregation nor can their keys be split in a convenient and meaningful way. A detailed theoretical and empirical analysis shows that the BLS short signature scheme is best suited for achieving both key splitting and aggregation.
Citations
Posted Content
TL;DR: In this article, Schnorr signatures and BLS signatures are used to reduce the size of the Bitcoin blockchain, which is useful in many other settings where multi-signatures are needed.
Abstract: We construct new multi-signature schemes that provide new functionality. Our schemes are designed to reduce the size of the Bitcoin blockchain, but are useful in many other settings where multi-signatures are needed. All our constructions support both signature compression and public-key aggregation. Hence, to verify that a number of parties signed a common message m, the verifier only needs a short multi-signature, a short aggregation of their public keys, and the message m. We give new constructions that are derived from Schnorr signatures and from BLS signatures. Our constructions are in the plain public key model, meaning that users do not need to prove knowledge or possession of their secret key.

42 citations

Journal ArticleDOI
TL;DR: In this paper, the authors present an open-source smart contract under Quorum, a version of Ethereum oriented to private business environments, for the chain-of-custody (CoC) process.
Abstract: The digital revolution is renewing many aspects of our lives, which is also a challenge in judicial processes, such as the Chain-of-Custody (CoC) process of any electronic evidence. A CoC management system must be designed to guarantee that the evidence maintains its integrity in court. This issue is essential for digital evidence's admissibility and probative value. This work has built and validated a real prototype to manage the CoC process of any digital evidence. Our technological solution follows a process model that separates the evidence registry and any evidence itself for scalability purposes. It includes the development of an open-source smart contract under Quorum, a version of Ethereum oriented to private business environments. The significant findings of our analysis have been: (1) Blockchain networks can become a solution where integrity, privacy and traceability must be guaranteed between untrustworthy parties; and (2) the necessity of promoting the standardization of CoC smart contracts with a secure, simple process logic. Consequently, these contracts should be deployed in consortium environments, where reliable, independent third parties validate the transactions without having to know their content.

2 citations

Proceedings ArticleDOI
01 Dec 2022
TL;DR: In this article, the authors proposed a modification of BLS signatures with an additive key split augmented with a refresh technique, which protects against a powerful adversary that can control distinct HSMs in different signing sessions.
Abstract: A Circuit Breaking Environment (CBE) for Connected Railway Infrastructures (CRI) requires that highly sensitive cargo is bound to the transportation train carriages. This implies a continuous verification of the connectivity and rapid identification of potential disconnections. For that purpose we consider signatures run on devices with multiple Hardware Security Module (HSM) architectures. We propose a modification of BLS signatures with an additive key split augmented with a refresh technique. This protects against a powerful adversary that can control distinct HSMs in different signing sessions. Thus, we consider our scheme to be secure even if the adversary switches between chosen HSMs for leakage of partial secrets, from session to session. Finally, we provide promising results from a proof-of-concept implementation, tested on several different types of low-powered devices for comparison. These indicate the feasibility of our constructions.
References
Book ChapterDOI
09 Dec 2001
TL;DR: A short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyperelliptic curves is introduced, designed for systems where signatures are typed in by a human or signatures are sent over a low-bandwidth channel.
Abstract: We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyperelliptic curves. The signature length is half the size of a DSA signature for a similar level of security. Our short signature scheme is designed for systems where signatures are typed in by a human or signatures are sent over a low-bandwidth channel.

3,697 citations


"Splitting and Aggregating Signature..." refers to methods in this paper

  • ...[5] Dan Boneh, Craig Gentry, Ben Lynn, and Hovav Shacham....

  • ...The Boneh-Lynn-Shacham (BLS) signature scheme [6] is a signature scheme based on bilinear pairing of an elliptic curve group....

  • ...SHORT SIGNATURE USING BILINEAR PAIRING: The Boneh-Lynn-Shacham (BLS) signature scheme [6] is a signature scheme based on bilinear pairing of an elliptic curve group....

  • ...We note that the (BLS) short signature scheme of Boneh, Lynn and Shacham [6] is quite amenable to such split-ups, and we describe a way in which an effective split-up can be achieved....

  • ...[6] Dan Boneh, Ben Lynn, and Hovav Shacham....

Journal ArticleDOI
TL;DR: An efficient algorithm that preprocesses the exponentiation of a random residue modulo p is presented, which improves the ElGamal signature scheme in the speed of the procedures for the generation and the verification of signatures and also in the bit length of signatures.
Abstract: We present a new public-key signature scheme and a corresponding authentication scheme that are based on discrete logarithms in a subgroup of units in Z_p where p is a sufficiently large prime, e.g., p ≥ 2^512. A key idea is to use for the base of the discrete logarithm an integer α in Z_p such that the order of α is a sufficiently large prime q, e.g., q ≥ 2^140. In this way we improve the ElGamal signature scheme in the speed of the procedures for the generation and the verification of signatures and also in the bit length of signatures. We present an efficient algorithm that preprocesses the exponentiation of a random residue modulo p.

2,869 citations

Book ChapterDOI
04 May 2003
TL;DR: In this article, Boneh, Lynn, and Shacham introduced the concept of an aggregate signature, presented security models for such signatures, and gave several applications for aggregate signatures.
Abstract: An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature (and the n original messages) will convince the verifier that the n users did indeed sign the n original messages (i.e., user i signed message M_i for i = 1, ..., n). In this paper we introduce the concept of an aggregate signature, present security models for such signatures, and give several applications for aggregate signatures. We construct an efficient aggregate signature from a recent short signature scheme based on bilinear maps due to Boneh, Lynn, and Shacham. Aggregate signatures are useful for reducing the size of certificate chains (by aggregating all signatures in the chain) and for reducing message size in secure routing protocols such as SBGP. We also show that aggregate signatures give rise to verifiably encrypted signatures. Such signatures enable the verifier to test that a given ciphertext C is the encryption of a signature on a given message M. Verifiably encrypted signatures are used in contract-signing protocols. Finally, we show that similar ideas can be used to extend the short signature scheme to give simple ring signatures.

1,859 citations

Book ChapterDOI
24 Apr 2006
TL;DR: This paper explains the design and implementation of a high-security elliptic-curve Diffie-Hellman function achieving record-setting speeds: e.g., 832457 Pentium III cycles, more than twice as fast as other authors' results at the same conjectured security level.
Abstract: This paper explains the design and implementation of a high-security elliptic-curve Diffie-Hellman function achieving record-setting speeds: e.g., 832457 Pentium III cycles (with several side benefits: free key compression, free key validation, and state-of-the-art timing-attack protection), more than twice as fast as other authors' results at the same conjectured security level (with or without the side benefits).

834 citations


"Splitting and Aggregating Signature..." refers to methods in this paper

  • ...The Schnorr signature is implemented on the edwards25519 curve [3], which is the current standard deployed in cryptocurrencies [10] for fast performance....

01 Jan 2008

221 citations


"Splitting and Aggregating Signature..." refers to methods in this paper

  • ...We have implemented the ECDSA signature scheme on the Koblitz curve secp256k1 [11] over F_q as defined in FIPS 186-3 [9]....