TY - GEN
T1 - Adaptively Secure BLS Threshold Signatures from DDH and co-CDH
AU - Das, Sourav
AU - Ren, Ling
N1 - We want to thank Dan Boneh for pointing us to the DDH rerandomization in their book and Leonid Reyzin for pointing us to the [59]. We would also like to thank Crypto 2024 and Eurocrypt 2024 reviewers for their helpful suggestions on how to improve the paper presentation. Finally, we thank Amit Agarwal, Renas Bacho, Julian Loss, Victor Shoup, Alin Tomescu, and Zhoulun Xiang for helpful discussions related to the paper. This work is funded in part by a Chainlink Labs Ph.D. fellowship and the National Science Foundation award #2240976.
PY - 2024
Y1 - 2024
N2 - Threshold signatures are one of the most important cryptographic primitives in distributed systems. A popular choice of threshold signature scheme is the BLS threshold signature introduced by Boldyreva (PKC’03). Some attractive properties of Boldyreva’s threshold signature are that the signatures are unique and short, the signing process is non-interactive, and the verification process is identical to that of non-threshold BLS. These properties have resulted in its practical adoption in several decentralized systems. However, despite its popularity and wide adoption, up until recently, the Boldyreva scheme has been proven secure only against a static adversary. Very recently, Bacho and Loss (CCS’22) presented the first proof of adaptive security for the Boldyreva scheme, but they have to rely on strong and non-standard assumptions such as the hardness of one-more discrete log (OMDL) and the Algebraic Group Model (AGM). In this paper, we present the first adaptively secure threshold BLS signature scheme that relies on the hardness of DDH and co-CDH in asymmetric pairing groups in the Random Oracle Model (ROM). Our signature scheme also has non-interactive signing, compatibility with non-threshold BLS verification, and practical efficiency like Boldyreva’s scheme. These properties make our protocol a suitable candidate for practical adoption with the added benefit of provable adaptive security.
AB - Threshold signatures are one of the most important cryptographic primitives in distributed systems. A popular choice of threshold signature scheme is the BLS threshold signature introduced by Boldyreva (PKC’03). Some attractive properties of Boldyreva’s threshold signature are that the signatures are unique and short, the signing process is non-interactive, and the verification process is identical to that of non-threshold BLS. These properties have resulted in its practical adoption in several decentralized systems. However, despite its popularity and wide adoption, up until recently, the Boldyreva scheme has been proven secure only against a static adversary. Very recently, Bacho and Loss (CCS’22) presented the first proof of adaptive security for the Boldyreva scheme, but they have to rely on strong and non-standard assumptions such as the hardness of one-more discrete log (OMDL) and the Algebraic Group Model (AGM). In this paper, we present the first adaptively secure threshold BLS signature scheme that relies on the hardness of DDH and co-CDH in asymmetric pairing groups in the Random Oracle Model (ROM). Our signature scheme also has non-interactive signing, compatibility with non-threshold BLS verification, and practical efficiency like Boldyreva’s scheme. These properties make our protocol a suitable candidate for practical adoption with the added benefit of provable adaptive security.
UR - http://www.scopus.com/inward/record.url?scp=85202293453&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85202293453&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-68394-7_9
DO - 10.1007/978-3-031-68394-7_9
M3 - Conference contribution
AN - SCOPUS:85202293453
SN - 9783031683930
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 251
EP - 284
BT - Advances in Cryptology – CRYPTO 2024 - 44th Annual International Cryptology Conference, Proceedings
A2 - Reyzin, Leonid
A2 - Stebila, Douglas
PB - Springer
T2 - 44th Annual International Cryptology Conference, CRYPTO 2024
Y2 - 18 August 2024 through 22 August 2024
ER -