
Deterministic wallets for adaptor signatures. (English) Zbl 1524.94066

Atluri, Vijayalakshmi (ed.) et al., Computer security – ESORICS 2022. 27th European symposium on research in computer security, Copenhagen, Denmark, September 26–30, 2022. Proceedings. Part II. Cham: Springer. Lect. Notes Comput. Sci. 13555, 487-506 (2022).
Summary: Adaptor signatures are a new cryptographic primitive that binds the authentication of a message to the revelation of a secret value. In recent years, this primitive has gained increasing popularity both in academia and practice due to its versatile use-cases in different Blockchain applications such as atomic swaps and payment channels. The security of these applications, however, crucially relies on users storing and maintaining the secret values used by adaptor signatures in a secure way. For standard digital signature schemes, cryptographic wallets have been introduced to guarantee secure storage of keys and execution of the signing procedure. However, no prior work has considered cryptographic wallets for adaptor signatures.
In this work, we introduce the notion of adaptor wallets. Adaptor wallets allow parties to securely use and maintain adaptor signatures in the Blockchain setting. Our adaptor wallets are both deterministic and operate in the hot/cold paradigm, which was first formalized by P. Das et al. [CCS 2019, 651–668 (2019; doi:10.1145/3319535)] for standard signature schemes. We introduce a new cryptographic primitive called adaptor signatures with rerandomizable keys, and use it to generically construct adaptor wallets. We further show how to instantiate adaptor signatures with rerandomizable keys from the ECDSA signature scheme and argue that they can likely be built for the Schnorr and Katz-Wang schemes as well. Finally, we discuss the limitations of the existing ECDSA- and Schnorr-based adaptor signatures with respect to deterministic wallets in the hot/cold setting and prove that it is impossible to overcome these drawbacks given the current state-of-the-art design of adaptor signatures.
For the entire collection see [Zbl 1515.68024].

MSC:

94A60 Cryptography
94A62 Authentication, digital signatures and secret sharing
Full Text: DOI

References:

[1] Alkeilani Alkadri, N., et al.: Deterministic wallets in a quantum world. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) ACM CCS 2020, November 2020, pp. 1017-1031. ACM Press (2020). doi:10.1145/3372297.3423361
[2] Atallah, M.J., Blanton, M., Fazio, N., Frikken, K.B.: Dynamic and efficient key management for access hierarchies. ACM Trans. Inf. Syst. Secur. 12(3) (2009). doi:10.1145/1455526.1455531
[3] Aumayr, L., et al.: Generalized channels from limited blockchain scripts and adaptor signatures. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13091, pp. 635-664. Springer, Cham (2021). doi:10.1007/978-3-030-92075-3_22 · Zbl 1514.94032
[4] Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications. In: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, STOC 1988. Chicago, pp. 103-112. Association for Computing Machinery (1988). doi:10.1145/62212.62222
[5] Das, P., Erwig, A., Faust, S., Loss, J., Riahi, S.: The exact security of BIP32 wallets. In: Vigna, G., Shi, E. (eds.) ACM CCS 2021, pp. 1020-1042. ACM Press (2021). doi:10.1145/3460120.3484807
[6] Das, P., Faust, S., Loss, J.: A formal treatment of deterministic wallets. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) ACM CCS 2019, pp. 651-668. ACM Press (2019). doi:10.1145/3319535
[7] Deshpande, A., Herlihy, M.: Privacy-preserving cross-chain atomic swaps. In: Bernhard, M., et al. (eds.) FC 2020. LNCS, vol. 12063, pp. 540-549. Springer, Cham (2020). doi:10.1007/978-3-030-54455-3_38
[8] Erwig, A., Faust, S., Hostáková, K., Maitra, M., Riahi, S.: Two-party adaptor signatures from identification schemes. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12710, pp. 451-480. Springer, Cham (2021). doi:10.1007/978-3-030-75245-3_17 · Zbl 1479.94313
[9] Esgin, M.F., Ersoy, O., Erkin, Z.: Post-quantum adaptor signatures and payment channel networks. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds.) ESORICS 2020. LNCS, vol. 12309, pp. 378-397. Springer, Cham (2020). doi:10.1007/978-3-030-59013-0_19 · Zbl 1511.94095
[10] Fersch, M., Kiltz, E., Poettering, B.: On the one-per-message unforgeability of (EC)DSA and its variants. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10678, pp. 519-534. Springer, Cham (2017). doi:10.1007/978-3-319-70503-3_17 · Zbl 1406.94052
[11] Fleischhacker, N., et al.: Efficient unlinkable sanitizable signatures from signatures with re-randomizable keys. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9614, pp. 301-330. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49384-7_12 · Zbl 1388.94054
[12] Gutoski, G., Stebila, D.: Hierarchical deterministic bitcoin wallets that tolerate key leakage. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 497-504. Springer, Heidelberg (2015). doi:10.1007/978-3-662-47854-7_31 · Zbl 1415.94436
[13] Katz, J., Wang, N.: Efficiency improvements for signature schemes with tight security reductions. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) ACM CCS 2003, pp. 155-164. ACM Press (2003). doi:10.1145/948109.948132
[14] Kondi, Y., Magri, B., Orlandi, C., Shlomovits, O.: Refresh when you wake up: proactive threshold wallets with offline devices. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 608-625 (2021). doi:10.1109/SP40001.2021.00067
[15] Di Luzio, A., Francati, D., Ateniese, G.: Arcula: a secure hierarchical deterministic wallet for multi-asset blockchains. In: Krenn, S., Shulman, H., Vaudenay, S. (eds.) CANS 2020. LNCS, vol. 12579, pp. 323-343. Springer, Cham (2020). doi:10.1007/978-3-030-65411-5_16
[16] Madathil, V., Thyagarajan, S.A., Vasilopoulos, D., Fournier, L., Malavolta, G., Moreno-Sanchez, P.: Practical decentralized oracle contracts for cryptocurrencies. Cryptology ePrint Archive, Report 2022/499 (2022). https://ia.cr/2022/499
[17] Malavolta, G., Moreno-Sanchez, P., Schneidewind, C., Kate, A., Maffei, M.: Anonymous multi-hop locks for blockchain scalability and interoperability. In: NDSS 2019. The Internet Society (2019)
[18] Moreno-Sanchez, P., Kate, A.: Scriptless Scripts with ECDSA (2018). https://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20180426/fe978423/attachment-0001.pdf
[19] Poelstra, A.: Scriptless scripts (2017). https://download.wpsoftware.net/bitcoin/wizardry/mw-slides/2017-03-mit-bitcoin-expo/slides.pdf. Accessed Oct 2020
[20] Sasson, E.B., et al.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 459-474 (2014)
[21] Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161-174 (1991). doi:10.1007/BF00196725 · Zbl 0743.68058
[22] Tairi, E., Moreno-Sanchez, P., Maffei, M.: \(A^2L\): anonymous atomic locks for scalability in payment channel hubs. In: 2021 IEEE Symposium on Security and Privacy, pp. 1834-1851. IEEE Computer Society Press (2021). doi:10.1109/SP40001.2021.00111
[23] Tairi, E., Moreno-Sanchez, P., Maffei, M.: Post-quantum adaptor signature for privacy-preserving off-chain payments. In: Borisov, N., Diaz, C. (eds.) Financial Cryptography and Data Security, pp. 131-150. Springer, Heidelberg (2021). ISBN:978-3-662-64331-0 · Zbl 1491.94081
[24] Thyagarajan, S.A., Malavolta, G., Moreno-Sánchez, P.: Universal atomic swaps: secure exchange of coins across all blockchains. Cryptology ePrint Archive, Report 2021/1612 (2021). https://ia.cr/2021/1612
[25] Van Saberhagen, N.: CryptoNote v 2.0 (2013)
[26] Yin, X., Liu, Z., Yang, G., Chen, G., Zhu, H.: Secure hierarchical deterministic wallet supporting stealth address. Cryptology ePrint Archive, Paper 2022/627 (2022). https://eprint.iacr.org/2022/627