[Resource Topic] 2022/297: Promise $\Sigma$-protocol: How to Construct Efficient Threshold ECDSA from Encryptions Based on Class Groups

Welcome to the resource topic for 2022/297

Title:
Promise $\Sigma$-protocol: How to Construct Efficient Threshold ECDSA from Encryptions Based on Class Groups

Authors: Yi Deng, Shunli Ma, Xinxuan Zhang, Hailong Wang, Xuyang Song, Xiang Xie

Abstract:

Threshold Signatures allow $n$ parties to share the ability of issuing digital signatures so that any coalition of size at least $t+1$ can sign, whereas groups of $t$ or fewer players cannot. The currently known class-group-based threshold ECDSA constructions are either inefficient (requiring parallel repetition of the underlying zero knowledge proof with small challenge space) or require a rather non-standard low order assumption. In this paper, we present efficient threshold ECDSA protocols from encryption schemes based on class groups, neither assuming the low order assumption nor parallel repeating the underlying zero knowledge proof, yielding a significant efficiency improvement in the key generation over previous constructions. Along the way we introduce a new notion of promise $\Sigma$-protocol that satisfies only a weaker soundness called promise extractability. An accepting promise $\Sigma$-proof for statements related to class-group-based encryptions does not establish the truth of the statement but provides security guarantees (promise extractability) that are sufficient for our applications. We also show how to simulate homomorphic operations on a (possibly invalid) class-group-based encryption whose correctness has been proven via our promise $\Sigma$-protocol. We believe that these techniques are of independent interest and applicable to other scenarios where efficient zero knowledge proofs for statements related to class groups are required.

ePrint: https://eprint.iacr.org/2022/297

Talk: https://www.youtube.com/watch?v=zUgs2iZyXEI

Slides: https://iacr.org/submit/files/slides/2021/asiacrypt/asiacrypt2021/93/slides.pptx

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.