安全高效的两方协同ECDSA签名方案

doi:10.11959/j.issn.1000-436x.2021019

通信学报 ›› 2021, Vol. 42 ›› Issue (2): 12-25.doi: 10.11959/j.issn.1000-436x.2021019

安全高效的两方协同ECDSA签名方案

王婧¹, 吴黎兵¹^,², 罗敏², 何德彪²

¹ 武汉大学计算机学院，湖北武汉 430070
² 武汉大学国家网络安全学院，湖北武汉 430070

修回日期:2020-12-05 出版日期:2021-02-25 发布日期:2021-02-01
作者简介:王婧（1994- ），女，安徽安庆人，武汉大学博士生，主要研究方向为云存储安全、数字签名、安全多方计算等。
吴黎兵（1972- ），男，湖北武汉人，博士，武汉大学教授、博士生导师，主要研究方向为分布式计算、可信软件、无线传感网络等。
罗敏（1974- ），男，湖北武汉人，博士，武汉大学副教授、硕士生导师，主要研究方向为密码协议、信息安全、区块链技术与应用等。
何德彪（1980- ），男，湖北武汉人，博士，武汉大学教授、博士生导师，主要研究方向为密码协议、信息安全、区块链技术与应用等。
基金资助:
国家自然科学基金资助项目(61772377);国家自然科学基金资助项目(61672257);国家自然科学基金资助项目(91746206);国家自然科学基金资助项目(61932016);国家自然科学基金资助项目(61972294);湖北省自然科学基金资助项目(2017CFA007);深圳市科技计划基金资助项目(JCYJ20170818112550194)

Secure and efficient two-party ECDSA signature scheme

Jing WANG¹, Libing WU¹^,², Min LUO², Debiao HE²

¹ School of Computer Science, Wuhan University, Wuhan 430070, China
² School of Cyber Science and Engineering, Wuhan University, Wuhan 430070, China

Revised:2020-12-05 Online:2021-02-25 Published:2021-02-01
Supported by:
The National Natural Science Foundation of China(61772377);The National Natural Science Foundation of China(61672257);The National Natural Science Foundation of China(91746206);The National Natural Science Foundation of China(61932016);The National Natural Science Foundation of China(61972294);The Natural Science Foundation of Hubei Province(2017CFA007);The Science and Technology Planning Project of Shenzhen(JCYJ20170818112550194)

摘要/Abstract

摘要：

为了解决签名私钥易泄露和签名权利过度集中的问题，针对基于区块链技术的网络交易系统，提出了一种安全高效的两方协同ECDSA签名方案。通过预计算一次一密的Beaver三元组，进而利用基于Beaver三元组的安全两方乘法技术，有效避免使用计算繁重的同态加密和通信开销较大的不经意传输等操作，实现高效的两方协同ECDSA签名，保证2个签名参与方在不重构完整签名私钥的情况下输出合法的ECDSA签名。方案的安全性在通用可组合框架中的混合模型下被证明。理论分析与实验结果表明，与现有的2种两方协同ECDSA签名方案相比，所提方案在协同签名运行效率和带宽要求方面均具有明显优势。

关键词: 私钥泄露, 密钥保护, 签名效率, 两方签名

Abstract:

To solve the easy disclosure of signature private key and excessive concentration of signature rights, a secure and efficient two-party ECDSA signature scheme was proposed for the blockchain based network trading systems.By pre-computing one-time pad Beaver’s triple, and utilizing the Beaver’s triple based secure two-party multiplication technology, some computationally intensive homomorphic encryption operations and oblivious transfer operations with high communication overhead were effectively avoided, and thereby an efficient two-party ECDSA signing was realized, which could ensure that the two signing parties output valid ECDSA signature without reconstructing the complete private key.The proposed scheme was proved to be provably secure under the hybrid model of the universally composable framework.Theoretical analysis and simulation results demonstrate that the proposed scheme has significant advantages in terms of signing efficiency and bandwidth requirements when compared with the existing two two-party ECDSA signature schemes.

Key words: private key leakage, key protection, signing efficiency, two-party signature

中图分类号:

TP309

王婧, 吴黎兵, 罗敏, 何德彪. 安全高效的两方协同ECDSA签名方案[J]. 通信学报, 2021, 42(2): 12-25.

Jing WANG, Libing WU, Min LUO, Debiao HE. Secure and efficient two-party ECDSA signature scheme[J]. Journal on Communications, 2021, 42(2): 12-25.

图/表 5

表1

表2

图1

图2

表3

参考文献 33

[1]	JOHNSON D , MENEZES A , VANSTONE S . The elliptic curve digital signature algorithm (ECDSA)[J]. International Journal of Information Security, 2001,1(1): 36-63.
[2]	AL-ZUBAIDIE M , ZHANG Z , ZHANG J . Efficient and secure ECDSA algorithm and its applications:a survey[J]. arXiv Preprint,arXiv:1902.10313, 2019.
[3]	BLAKE-W S , BOLYARD N , GUPTA V ,et al. Elliptic curve cryptography (ECC) cipher suites for transport layer security (TLS)[R]. RFC 4492, 2006.
[4]	DALSKOV A , ORLANDI C , KELLER M ,et al. Securing DNSSEC keys via threshold ECDSA from generic MPC[C]// European Symposium on Research in Computer Security. Berlin:Springer, 2020: 654-673.
[5]	HENNING P J . A taxonomy of cryptocurrency enforcement actions[J]. Brooklyn Journal of Corporate,Financial and Commercial Law, 2020,14(2): 227-257.
[6]	LU H , JIN C , HELU X ,et al. AutoD:intelligent blockchain application unpacking based on JNI layer deception call[J]. IEEE Network, 2020,PP(99): 1-7.
[7]	JANPITAK N , LILAKIATSAKUN W , SATHITWIRIYAWONG C . The novel secure testament methodology for cryptocurrency wallet using mnemonic seed[J]. Information Security Journal:A Global Perspective, 2020,29(4): 169-182.
[8]	TOMESCU A , CHEN R , ZHENG Y ,et al. Towards scalable threshold cryptosystems[C]// 2020 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2020,doi.org/ 10.1109/SP40000.2020.00059.
[9]	侯红霞, 杨波, 张丽娜 ,等. 安全的两方协作 SM2 签名算法[J]. 电子学报, 2019,48(1): 1-8.
	HOU H X , YANG B , ZHANG L N ,et al. Secure two-party SM2 signature algorithm[J]. Acta Electronica Sinica, 2019,48(1): 1-8.
[10]	MACKENZIE P , REITER M K . Two-party generation of DSA signatures[J]. International Journal of Information Security, 2004,2(3-4): 218-239.
[11]	GENNARO R , GOLDFEDER S , NARAYANAN A . Threshold-optimal DSA/ECDSA signatures and an application to Bitcoin wallet security[C]// International Conference on Applied Cryptography and Network Security. Berlin:Springer, 2016: 156-174.
[12]	BONEH D , GENNARO R , GOLDFEDER S . Using level-1 homomorphic encryption to improve threshold DSA signatures for bitcoin wallet security[C]// International Conference on Cryptology and Information Security in Latin America. Berlin:Springer, 2017: 352-377.
[13]	LINDELL Y , . Fast secure two-party ECDSA signing[C]// Annual International Cryptology Conference. Berlin:Springer, 2017: 613-644.
[14]	DOERNER J , KONDI Y , LEE E ,et al. Secure two-party threshold ECDSA from ECDSA assumptions[C]// 2018 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2018: 980-997.
[15]	CHOU T , ORLANDI C . The simplest protocol for oblivious transfer[C]// International Conference on Cryptology and Information Security in Latin America. Berlin:Springer, 2015: 40-58.
[16]	KELLER M , ORSINI E , SCHOLL P . Actively secure OT extension with optimal overhead[C]// Annual Cryptology Conference. Berlin:Springer, 2015: 724-741.
[17]	CASTAGNOS G , CATALANO D , LAGUILLAUMIE F ,et al. Two-party ECDSA from hash proof systems and efficient instantiations[C]// Annual International Cryptology Conference. Berlin:Springer, 2019: 191-221.
[18]	LINDELL Y , NOF A . Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2018: 1837-1854.
[19]	DOERNER J , KONDI Y , LEE E ,et al. Threshold ECDSA from ECDSA assumptions:the multiparty case[C]// 2019 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2019: 1051-1066.
[20]	GENNARO R , GOLDFEDER S . Fast multiparty threshold ECDSA with fast trustless setup[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2018: 1179-1194.
[21]	HE D , ZHANG Y , WANG D ,et al. Secure and efficient two-party signing protocol for the identity-based signature scheme in the IEEE P1363 standard for public key cryptography[J]. IEEE Transactions on Dependable and Secure Computing, 2018,17(5): 1124-1132.
[22]	FENG Q , HE D , LIU Z ,et al. Distributed signing protocol for IEEE P1363-compliant identity-based signature scheme[J]. IET Information Security, 2020,14(4): 443-451.
[23]	ZHANG Y , HE D , ZHANG M ,et al. A provable-secure and practical two-party distributed signing protocol for SM2 signature algorithm[J]. Frontiers of Computer Science, 2020,14(3): 1-14.
[24]	MU Y H , XU H X , LI P L ,et al. Secure two-party SM9 signing[J]. SCIENCE CHINA Information Sciences, 2020,63(8): 189101.
[25]	BEAVER D , . Efficient multiparty protocols using circuit randomization[C]// Annual International Cryptology Conference. Berlin:Springer, 1991: 420-432.
[26]	FENG Q , HE D , LIU Z ,et al. SecureNLP:a system for multi-party Privacy-preserving natural language processing[J]. IEEE Transactions on Information Forensics and Security, 2020,PP(99): 1.
[27]	HUANG K , LIU X , FU S ,et al. A lightweight privacy-preserving CNN feature extraction framework for mobile sensing[J]. IEEE Transactions on Dependable and Secure Computing, 2019,doi.org/10.1109/TDSC.2019.2913362.
[28]	CANETTI R , . Universally composable security:a new paradigm for cryptographic protocols[C]// Proceedings 42nd IEEE Symposium on Foundations of Computer Science. Piscataway:IEEE Press, 2001: 136-145.
[29]	SCHNORR C P , . Efficient identification and signatures for smart cards[C]// Conference on the Theory and Application of Cryptology. Berlin:Springer, 1989: 239-252.
[30]	WU Y , WANG X , SUSILO W ,et al. Efficient server-aided secure two-party computation in heterogeneous mobile cloud computing[J]. IEEE Transactions on Dependable and Secure Computing, 2020:doi.org/10.1109/TDSC.2020.2966632.
[31]	LINDELL Y . How to simulate it-a tutorial on the simulation proof technique[M]. Berlin: Springer, 2017: 277-346.
[32]	BARKE E . Recommendation for key management-part 1 (revised)[J]. Special Publication 800-57, 2020:doi.org/10.6028/NIST.SP.800-57ptlr5.
[33]	KANENARI T , TAKAHASHI Y , HASHIMOTO Y ,et al. A comparison of relic-toolkit and ELiPS libraries for a pairing-based homomorphic encryption[C]// 2019 34th International Technical Conference on Circuits/Systems,Computers and Communications. Piscataway:IEEE Press, 2019: 1-4.

方案	U₁计算开销	U₂计算开销	U₁+U₂通信开销
Lindell方案	Dec + 7PM + 4h	Enc + HM + 5PM + 3h	9λ+2N
Doerner方案	7PM + 5 524h	6PM + 5 476h	λ(8λ+794)+2
本文方案	6PM + 5h	4PM + 3h	19λ

方案	U₁计算开销	U₂计算开销	U₁+U₂通信开销
Lindell方案	Dec + 4PM + h	Enc + HM +2PM	4λ+2N
Doerner方案	4PM + 5 012h	2PM + 4884h	λ(6λ+794)+2
本文方案	3PM + 2h	PM + h	14λ

方案	恶意模型通信开销/B	半诚实模型通信开销/B
Lindell方案	768	608
Doerner方案	85 713	72 812
本文方案	601	446

安全高效的两方协同ECDSA签名方案

Secure and efficient two-party ECDSA signature scheme

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 33

相关文章 1

Metrics

推荐阅读 0