Key-and-Signature Compact Multi-Signatures for Blockchain: A Compiler with Realizations
Multi-signature is a protocol in which a set of signers jointly sign a
message so that the final signature is significantly shorter than the
concatenation of the individual signatures. Recently, it has found applications in
blockchain, where several users want to jointly authorize a payment through a
multi-signature. However, in this setting there is no centralized authority,
and the scheme could suffer from a rogue-key attack, in which the attacker can
choose his own keys arbitrarily, possibly depending on the honest signers' keys.
Further, to minimize storage on the blockchain, it is desirable that both the
aggregated public key and the aggregated signature are as short as possible. In
this paper, we give a compiler that converts a kind of identification (ID)
scheme (which we call a linear ID) into a multi-signature such that both the
aggregated public key and the aggregated signature have a size independent of
the number of signers. Our compiler is provably secure. The advantage of our
result is that we reduce a multi-party problem to a weakly secure two-party
problem. We realize our compiler with two ID schemes. The first is the Schnorr
ID scheme. The second is a new lattice-based ID scheme, which via our compiler
gives the first regular lattice-based multi-signature scheme that is
key-and-signature compact without a restart during the signing process.
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components
The semiconductor industry is fully globalized and integrated circuits (ICs)
are commonly defined, designed and fabricated in different premises across the
world. This reduces production costs, but also exposes ICs to supply chain
attacks, where insiders introduce malicious circuitry into the final products.
Additionally, despite extensive post-fabrication testing, it is not uncommon
for ICs with subtle fabrication errors to make it into production systems.
While many systems may be able to tolerate a few Byzantine components, this is
not the case for cryptographic hardware, which stores and computes on confidential
data. For this reason, many error and backdoor detection techniques have been
proposed over the years. So far, all attempts have either been quickly
circumvented or come with unrealistically high manufacturing costs and
complexity.
This paper proposes Myst, a practical high-assurance architecture that uses
commercial off-the-shelf (COTS) hardware and provides strong security
guarantees even in the presence of multiple malicious or faulty components.
The key idea is to combine protective redundancy with modern threshold
cryptographic techniques to build a system tolerant to hardware trojans and
errors. To evaluate our design, we build a Hardware Security Module that
provides the highest level of assurance possible with COTS components.
Specifically, we employ more than a hundred COTS secure crypto-coprocessors,
verified to FIPS 140-2 Level 4 tamper-resistance standards, and use them to
realize high-confidentiality random number generation, key derivation, public
key decryption and signing. Our experiments show a reasonable computational
overhead (less than 1% for both decryption and signing) and an exponential
increase in backdoor tolerance as more ICs are added.
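Added example, not Myst's code: a Python sketch of the threshold pattern the abstract describes, in which no single chip ever holds the private key and each chip's contribution is checked before it is used. It assumes threshold ElGamal decryption over a toy safe-prime group, a Pedersen-style distributed key generation (each component Shamir-shares its own secret and the shares are summed), and a Chaum-Pedersen proof attached to every partial decryption; whether Myst uses exactly these primitives, parameters or checks is not stated in the abstract, and the group size, the `faulty` flag and all function names are this example's own.

```python
import hashlib
import random

# Toy safe-prime group: P = 2Q + 1 with Q prime, G = 4 generates the order-Q subgroup.
# Real deployments use a 2048-bit+ group or an elliptic curve; sizes here only keep the arithmetic readable.
P, Q, G = 1019, 509, 4
rng = random.Random(2024)  # deterministic for the demo; use `secrets` on real hardware


def poly_eval(coeffs, x):  # f(x) = c0 + c1*x + c2*x^2 + ... mod Q
    return sum(c * pow(x, i, Q) for i, c in enumerate(coeffs)) % Q


def distributed_keygen(n, t):
    """Each of the n components picks its own secret x_i and a degree-(t-1) polynomial f_i with
    f_i(0) = x_i, then hands f_i(j) to component j. The group secret x = sum_i x_i = F(0), with
    F = sum_i f_i, exists only as t-of-n Shamir shares s_j = F(j); no single chip ever holds x.
    Returns the public key y = G^x, the per-component shares and verification keys v_j = G^s_j."""
    shares = [0] * n
    y = 1
    for _ in range(n):
        coeffs = [rng.randrange(Q) for _ in range(t)]
        y = y * pow(G, coeffs[0], P) % P
        for j in range(1, n + 1):
            shares[j - 1] = (shares[j - 1] + poly_eval(coeffs, j)) % Q
    return y, shares, [pow(G, s, P) for s in shares]


def encrypt(y, m):  # plain ElGamal; m must lie in the order-Q subgroup
    k = rng.randrange(1, Q)
    return pow(G, k, P), m * pow(y, k, P) % P


def cp_challenge(v, c1, d, t1, t2):  # Fiat-Shamir challenge, deliberately in [1, Q-1]
    h = hashlib.sha256(",".join(map(str, (P, G, v, c1, d, t1, t2))).encode()).digest()
    return 1 + int.from_bytes(h, "big") % (Q - 1)


def partial_decrypt(s_j, v_j, c1, faulty=False):
    """Component j returns d_j = c1^s_j plus a Chaum-Pedersen proof that log_G v_j == log_c1 d_j.
    `faulty` models a trojaned or glitched chip that returns a wrong value (d_j * G) but otherwise
    runs the honest proof code; the proof then cannot verify against the wrong d_j."""
    d = pow(c1, s_j, P)
    if faulty:
        d = d * G % P
    w = rng.randrange(1, Q)
    t1, t2 = pow(G, w, P), pow(c1, w, P)
    e = cp_challenge(v_j, c1, d, t1, t2)
    return d, (t1, t2, (w + e * s_j) % Q)


def cp_verify(v_j, c1, d, proof):
    t1, t2, z = proof
    e = cp_challenge(v_j, c1, d, t1, t2)
    return pow(G, z, P) == t1 * pow(v_j, e, P) % P and pow(c1, z, P) == t2 * pow(d, e, P) % P


def combine(c1, c2, partials, t):
    """partials: {j: d_j}. Lagrange interpolation in the exponent recovers c1^F(0) = c1^x from any
    t shares, then m = c2 / c1^x. Raises if fewer than t shares are available."""
    good = sorted(partials)[:t]
    if len(good) < t:
        raise ValueError("not enough partial decryptions")
    D = 1
    for j in good:
        lam = 1
        for k in good:
            if k != j:
                lam = lam * k * pow(k - j, -1, Q) % Q
        D = D * pow(partials[j], lam, P) % P
    return c2 * pow(D, -1, P) % P


def demo(n=5, t=3, faulty=(2,)):
    """Returns (component indices flagged as bad, whether the verified chips recover the plaintext,
    whether blindly trusting every chip recovers the plaintext)."""
    y, shares, vks = distributed_keygen(n, t)
    m = pow(G, 77, P)  # constructed plaintext inside the subgroup
    c1, c2 = encrypt(y, m)
    results = {j: partial_decrypt(shares[j - 1], vks[j - 1], c1, j in faulty) for j in range(1, n + 1)}
    bad = sorted(j for j, (d, proof) in results.items() if not cp_verify(vks[j - 1], c1, d, proof))
    verified = {j: d for j, (d, _) in results.items() if j not in bad}
    blind = combine(c1, c2, {j: d for j, (d, _) in results.items()}, t)
    return bad, combine(c1, c2, verified, t) == m, blind == m


if __name__ == "__main__":
    print(demo())  # ([2], True, False)
```

The two properties the abstract relies on are visible here: confidentiality survives as long as fewer than `t` chips are compromised, because the key only ever exists as shares, and a chip that returns a wrong partial result is caught by the proof check rather than silently corrupting the output (the `blind` result shows what happens without that check). The challenge is drawn from [1, Q-1] so that a wrong `d_j` can never satisfy the second verification equation in this toy group.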
Compact Multi-Signatures for Smaller Blockchains
We construct new multi-signature schemes that provide new functionality. Our schemes are designed to reduce the size of the Bitcoin blockchain, but are useful in many other settings where multi-signatures are needed. All our constructions support both signature compression and public-key aggregation. Hence, to verify that a number of parties signed a common message m, the verifier only needs a short multi-signature, a short aggregation of their public keys, and the message m. We give new constructions that are derived from Schnorr signatures and from BLS signatures. Our constructions are in the plain public key model, meaning that users do not need to prove knowledge or possession of their secret key.
In addition, we construct the first short accountable-subgroup multi-signature (ASM) scheme. An ASM scheme enables any subset S of a set of n parties to sign a message m so that a valid signature discloses which subset generated the signature (hence the subset S is accountable for signing m). We construct the first ASM scheme where the signature size is only O(k) bits over the description of S, where k is the security parameter. Similarly, the aggregate public key is only O(k) bits, independent of n. The signing process is non-interactive. Our ASM scheme is very practical and well suited for compressing the data needed to spend funds from a t-of-n Multisig Bitcoin address, for any (polynomial size) t and n.
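Added example, not code from either multi-signature paper above: a dependency-free Python sketch of Schnorr key aggregation over secp256k1 (Bitcoin's curve) showing the rogue-key attack the first abstract warns about, and the coefficient-based aggregation a_i = H(L, X_i) in the plain public-key model that the Schnorr construction above relies on, producing one short key and one short signature for two signers. The hash tags, function names, the nonce-commitment round and the affine curve arithmetic are this example's own choices; the papers' exact hash inputs and protocol flow may differ.

```python
import hashlib
import secrets

# secp256k1: field prime, group order and base point. Points are (x, y) tuples, None is the
# point at infinity. Affine arithmetic written out so the example has no dependencies.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
assert (G[1] ** 2 - G[0] ** 3 - 7) % P == 0  # sanity check: G lies on y^2 = x^3 + 7

def ec_add(A, B):
    if A is None or B is None:
        return B if A is None else A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and y1 != y2:  # A == -B
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, A):  # double-and-add
    R, k = None, k % N
    while k:
        if k & 1:
            R = ec_add(R, A)
        A, k = ec_add(A, A), k >> 1
    return R

def point_sum(points, coeffs=None):  # sum of points, optionally scaled by per-point coefficients
    X = None
    for i, Pt in enumerate(points):
        X = ec_add(X, Pt if coeffs is None else ec_mul(coeffs[i], Pt))
    return X

def hash_to_scalar(tag, *parts):  # parts are bytes or points; tag separates the hash domains
    h = hashlib.sha256(tag.encode())
    for part in parts:
        h.update(part if isinstance(part, bytes) else part[0].to_bytes(32, "big") + part[1].to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big") % N

def keygen():
    x = 1 + secrets.randbelow(N - 1)
    return x, ec_mul(x, G)

def agg_coeff(keys, Xi):  # a_i = H(L, X_i): depends on the whole key list L, not only on X_i
    return hash_to_scalar("agg", *keys, Xi)

def agg_key(keys):  # aggregated key X~ = sum a_i * X_i; no proof of key possession needed
    return point_sum(keys, [agg_coeff(keys, Xi) for Xi in keys])

def schnorr_verify(X, msg, sig):  # s*G == R + c*X with c = H(X, R, m)
    R, s = sig
    return ec_mul(s, G) == ec_add(R, ec_mul(hash_to_scalar("sig", X, R, msg), X))

def single_sign(x, X, msg):  # ordinary Schnorr signature, valid only if X == x*G
    r = 1 + secrets.randbelow(N - 1)
    R = ec_mul(r, G)
    return R, (r + hash_to_scalar("sig", X, R, msg) * x) % N

def multi_sign(xs, keys, msg):
    """All signers simulated in one process. Round 1: commit to nonce points; round 2: reveal
    and check them; round 3: partial signatures s_i = r_i + c*a_i*x_i, summed into one s.
    The commitment round stops a signer from choosing R_i after seeing the others' nonces."""
    Xagg = agg_key(keys)
    rs = [1 + secrets.randbelow(N - 1) for _ in keys]
    Rs = [ec_mul(r, G) for r in rs]
    commits = [hashlib.sha256(str(R).encode()).digest() for R in Rs]
    assert all(hashlib.sha256(str(R).encode()).digest() == t for R, t in zip(Rs, commits))
    R = point_sum(Rs)  # nonces aggregate by plain addition; only keys need coefficients
    c = hash_to_scalar("sig", Xagg, R, msg)
    s = sum(r + c * agg_coeff(keys, X) * x for r, x, X in zip(rs, xs, keys)) % N
    return R, s

def rogue_key_demo(msg=b"constructed message: pay attacker"):
    """Attacker registers X2 = x2*G - X1. Naive aggregation gives X1 + X2 = x2*G, so the attacker
    signs alone for the 'joint' key. With a_i = H(L, X_i) the aggregate is a1*X1 + a2*X2, whose
    discrete log still depends on x1, and the same trick fails."""
    x1, X1 = keygen()  # honest user, never signs anything
    x2, _ = keygen()
    X2 = ec_add(ec_mul(x2, G), (X1[0], (-X1[1]) % P))  # x2*G + (-X1)
    keys = [X1, X2]
    naive, delin = point_sum(keys), agg_key(keys)
    forged_naive = schnorr_verify(naive, msg, single_sign(x2, naive, msg))
    forged_delin = schnorr_verify(delin, msg, single_sign(x2, delin, msg))
    return naive == ec_mul(x2, G), forged_naive, forged_delin  # (True, True, False)

def honest_demo(msg=b"constructed message: 2-of-2 spend"):
    (x1, X1), (x2, X2) = keygen(), keygen()
    sig = multi_sign([x1, x2], [X1, X2], msg)
    return schnorr_verify(agg_key([X1, X2]), msg, sig)  # True: one key, one signature, two signers

if __name__ == "__main__":
    print(rogue_key_demo(), honest_demo())
```

The verifier in `honest_demo` sees exactly what the abstract promises: one 33-byte-class aggregated key and one (R, s) pair, regardless of how many signers participated, and it never learns or checks the individual keys. The `rogue_key_demo` return values show why the coefficients are not optional in the plain public-key model: without them the attacker's forged signature verifies under the aggregate of a key he does not own.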
DualMS: Efficient Lattice-Based Two-Round Multi-Signature with Trapdoor-Free Simulation
A multi-signature scheme allows multiple signers to jointly sign a common message. In recent years, two lattice-based two-round multi-signature schemes based on Dilithium-G were proposed: DOTT by Damgård, Orlandi, Takahashi, and Tibouchi (PKC'21) and MuSig-L by Boschini, Takahashi, and Tibouchi (CRYPTO'22).
In this work, we propose a new lattice-based two-round multi-signature scheme called DualMS. Compared to DOTT, DualMS is likely to reduce the signature size significantly, since it replaces an opening of a homomorphic trapdoor commitment with a Dilithium-G response in the signature. Compared to MuSig-L, concrete parameters show that DualMS has smaller public keys, smaller signatures, and lower communication, although its first round cannot be preprocessed offline as in MuSig-L.
The main reason behind these improvements is a trapdoor-free dual signing simulation of our scheme. Signature simulation in DualMS is virtually the same as the normal signing procedure and does not use lattice trapdoors as DOTT and MuSig-L do.