363 research outputs found
Simple Schnorr Multi-Signatures with Applications to Bitcoin
We describe a new Schnorr-based multi-signature scheme (i.e., a protocol which allows a group of signers to produce a short, joint signature on a common message) called MuSig, provably secure in the plain public-key model (meaning that signers are only required to have a public key, but do not have to prove knowledge of the private key corresponding to their public key to some certification authority or to other signers before engaging in the protocol), which improves over the state-of-the-art scheme of Bellare and Neven (ACM-CCS 2006) and its variants by Bagherzandi et al. (ACM-CCS 2008) and Ma et al. (Des. Codes Cryptogr., 2010) in two respects: (i) it is simple and efficient, having the same key and signature size as standard Schnorr signatures; (ii) it allows key aggregation, which informally means that the joint signature can be verified exactly as a standard Schnorr signature with respect to a single "aggregated" public key which can be computed from the individual public keys of the signers. To the best of our knowledge, this is the first multi-signature scheme provably secure in the plain public-key model which allows key aggregation. As an application, we explain how our new multi-signature scheme could improve both performance and user privacy in Bitcoin.
Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning
The secret keys of critical network authorities - such as time, name,
certificate, and software update services - represent high-value targets for
hackers, criminals, and spy agencies wishing to use these keys secretly to
compromise other hosts. To protect authorities and their clients proactively
from undetected exploits and misuse, we introduce CoSi, a scalable witness
cosigning protocol ensuring that every authoritative statement is validated and
publicly logged by a diverse group of witnesses before any client will accept
it. A statement S collectively signed by W witnesses assures clients that S has
been seen, and not immediately found erroneous, by those W observers. Even if S
is compromised in a fashion not readily detectable by the witnesses, CoSi still
guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to
risk that the compromise will soon be detected by one of the W witnesses.
Because clients can verify collective signatures efficiently without
communication, CoSi protects clients' privacy, and offers the first
transparency mechanism effective against persistent man-in-the-middle attackers
who control a victim's Internet access, the authority's secret key, and several
witnesses' secret keys. CoSi builds on existing cryptographic multisignature
methods, scaling them to support thousands of witnesses via signature
aggregation over efficient communication trees. A working prototype
demonstrates CoSi in the context of timestamping and logging authorities,
enabling groups of over 8,000 distributed witnesses to cosign authoritative
statements in under two seconds.
Comment: 20 pages, 7 figures
BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure
This paper describes BlockPKI, a blockchain-based public-key infrastructure
that enables an automated, resilient, and transparent issuance of digital
certificates. Our goal is to address several shortcomings of the current TLS
infrastructure and its proposed extensions. In particular, we aim at reducing
the power of individual certification authorities and make their actions
publicly visible and accountable, without introducing yet another trusted third
party. To demonstrate the benefits and practicality of our system, we present
evaluation results and describe our prototype implementation.
Comment: Workshop on Blockchain and Sharing Economy Applications
Boomerang: Redundancy Improves Latency and Throughput in Payment-Channel Networks
In multi-path routing schemes for payment-channel networks, Alice transfers
funds to Bob by splitting them into partial payments and routing them along
multiple paths. Undisclosed channel balances and mismatched transaction fees
cause delays and failures on some payment paths. For atomic transfer schemes,
these straggling paths stall the whole transfer. We show that the latency of
transfers reduces when redundant payment paths are added. This frees up
liquidity in payment channels and hence increases the throughput of the
network. We devise Boomerang, a generic technique to be used on top of
multi-path routing schemes to construct redundant payment paths free of
counterparty risk. In our experiments, applying Boomerang to a baseline routing
scheme leads to 40% latency reduction and 2x throughput increase. We build on
ideas from publicly verifiable secret sharing, such that Alice learns a secret
of Bob iff Bob overdraws funds from the redundant paths. Funds are forwarded
using Boomerang contracts, which allow Alice to revert the transfer iff she has
learned Bob's secret. We implement the Boomerang contract in Bitcoin Script.
Evolving Bitcoin Custody
The broad topic of this thesis is the design and analysis of Bitcoin custody
systems. Both the technology and threat landscape are evolving constantly.
Therefore, custody systems, defence strategies, and risk models should be
adaptive too.
We introduce Bitcoin custody by describing the different types, design
principles, phases and functions of custody systems. We review the technology
stack of these systems and focus on the fundamentals; key-management and
privacy. We present a perspective we call the systems view. It is an attempt to
capture the full complexity of a custody system, including technology, people,
and processes. We review existing custody systems and standards.
We explore Bitcoin covenants. This is a mechanism to enforce constraints on
transaction sequences. Although previous work has proposed how to construct and
apply Bitcoin covenants, these require modifying the consensus rules of
Bitcoin, a notoriously difficult task. We introduce the first detailed
exposition and security analysis of a deleted-key covenant protocol, which is
compatible with current consensus rules. We demonstrate a range of security
models for deleted-key covenants which seem practical, in particular, when
applied in autonomous (user-controlled) custody systems. We conclude with a
comparative analysis with previous proposals.
Covenants are often proclaimed to be an important primitive for custody
systems, but no complete design has been proposed to validate that claim. To
address this, we propose an autonomous custody system called Ajolote which uses
deleted-key covenants to enforce a vault sequence. We evaluate Ajolote with a
model of its state dynamics, a privacy analysis, and a risk model. We propose a
threat model for custody systems which captures a realistic attacker for a
system with offline devices and user-verification. We perform ceremony analysis
to construct the risk model.
Comment: PhD thesis
A PoW-less Bitcoin with Certified Byzantine Consensus
Distributed Ledger Technologies (DLTs), when managed by a few trusted
validators, require most but not all of the machinery available in public DLTs.
In this work, we explore one possible way to profit from this state of affairs.
We devise a combination of a modified Practical Byzantine Fault Tolerant (PBFT)
protocol and a revised Flexible Round-Optimized Schnorr Threshold Signatures
(FROST) scheme, and then we inject the resulting proof-of-authority consensus
algorithm into Bitcoin (chosen for the reliability, openness, and liveliness it
brings in), replacing its PoW machinery. The combined protocol may operate as a
modern, safe foundation for digital payment systems and Central Bank Digital
Currencies (CBDC).
Deployment of Threshold Signatures for Securing Bitcoin Transactions
Blockchain technology, especially Bitcoin, has revolutionized how we think about and manage financial transactions. However, with the increasing demand and usage of blockchain technology, the security of cryptocurrency wallets has become a critical concern. Threshold signatures offer a promising solution to this problem, allowing multiple parties to sign a transaction without revealing their private keys. This article presents an Android mobile Bitcoin wallet application that uses Schnorr-based threshold signatures. The application also deploys smartwatch integration for enhanced security and usability. This integration provides an additional layer of security by requiring physical confirmation from the user before approving any transaction. Our implementation provides a secure and efficient platform for managing Bitcoin assets using threshold signatures while also providing an intuitive and easy-to-use interface for interacting with the application.