[Resource Topic] 2022/1189: CSI-SharK: CSI-FiSh with Sharing-friendly Keys

system · September 9, 2022, 9:24pm

Welcome to the resource topic for 2022/1189

Title:
CSI-SharK: CSI-FiSh with Sharing-friendly Keys

Authors: Shahla Atapoor, Karim Baghery, Daniele Cozzo, Robi Pedersen

Abstract:

CSI-FiSh is one of the most efficient isogeny-based signature schemes, which is proven to be secure in the Quantum Random Oracle Model (QROM). However, there is a bottleneck in CSI-FiSh in the threshold setting, which is that its public key needs to be generated by using k-1 secret keys. This leads to very inefficient threshold key generation protocols and also forces the parties to store k-1 secret shares. We present CSI-SharK, a new variant of \textit{CSI}-FiSh that has more \textit{Shar} ing-friendly \textit{K} eys and is as efficient as the original scheme. This is accomplished by modifying the public key of the ID protocol, used in the original CSI-FiSh, to the equal length Structured Public Key (SPK), generated by a \textit{single} secret key, and then proving that the modified ID protocol and the resulting signature scheme remain secure in the QROM. We translate existing CSI-FiSh-based threshold signatures and Distributed Key Generation (DKG) protocols to the CSI-SharK setting. We find that DKG schemes based on CSI-SharK outperform the state-of-the-art actively secure DKG protocols from the literature by a factor of about 3, while also strongly reducing the communication cost between the parties. We also uncover and discuss a flaw in the key generation of the actively secure CSI-FiSh based threshold signature scheme \textit{Sashimi}, that can prevent parties from signing. Finally, we discuss how (distributed) key generation and signature schemes in the isogeny setting are strongly parallelizable and we show that by using C independent CPU threads, the total runtime of such schemes can basically be reduced by a factor C. As multiple threads are standard in modern CPU architecture, this parallelizability is a strong incentive towards using isogeny-based (distributed) key generation and signature schemes in practical scenarios.

ePrint: https://eprint.iacr.org/2022/1189

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .

laurane · October 26, 2022, 1:39pm

Talk by K.Baghery at the isogeny days in Leuven.