
Adaptive Threshold Signatures from DDH. Yanbo Chen, University of Ottawa.
Explore the world of adaptive threshold signatures with Dazzle and related schemes such as FROST, Sparkle, and Twinkle. Understand the security models, static and adaptive schemes, and the latest developments in pairing-free DL settings. Discover how these schemes provide adaptively secure solutions from DDH and standard assumptions, offering smaller signatures and various levels of security. Dive into the advancements in 2-round and fully tight schemes, along with the implications for interactive assumptions. Stay informed about the latest research in this field brought to you by Yanbo Chen from the University of Ottawa.
Presentation Transcript
Dazzle: Improved Adaptive Threshold Signatures from DDH. Yanbo Chen, University of Ottawa.
Threshold Signature. Distribute ?? among ? users. ? users can jointly sign. ? 1 users cannot. (Figure labels: ?? ?? ??1 ??2 ??3 ??4 ??5)
Security Models. Static model: corrupt ? 1 users, then scheme is initiated. Adaptive model: scheme is initiated, then adaptively corrupt and interact.
TS in Pairing-Free DL Setting. FROST [Komlo-Goldberg 20]: threshold Schnorr; statically secure from interactive assumption. Table columns: Scheme, Adaptive?, AGM?, Assumption, Round, Sig. Size, Sec. Loss. Scheme: FROST. Assumption: AOMDL. Round: 2. Sig. Size: 1G+1Z. Sec. Loss: (?/?).
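Added example (not from the slides or from any of the cited papers): a toy Shamir-shared Schnorr signing run that shows the threshold property from the Threshold Signature slide and the 1G+1Z signature shape listed in the table. It is neither FROST nor Dazzle and omits binding factors and commit-reveal, so it shows the algebra only; the group parameters, function names, polynomial and message are constructed.

```python
import hashlib
import secrets

# Constructed toy Schnorr group (far too small for real use): P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def challenge(R, pk, msg):
    """Fiat-Shamir challenge in [1, Q-1] (kept nonzero so the toy group stays non-trivial)."""
    digest = hashlib.sha256(f"{R}|{pk}|".encode() + msg).digest()
    return 1 + int.from_bytes(digest, "big") % (Q - 1)

def share_key(sk, t, n, rest=None):
    """Shamir-share sk: f has degree t-1 with f(0) = sk, user i holds f(i)."""
    coeffs = [sk] + (rest or [secrets.randbelow(Q) for _ in range(t - 1)])
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def lagrange(i, signers):
    """Lagrange coefficient of signer i for interpolating f(0) over the signer set."""
    num = den = 1
    for j in signers:
        if j != i:
            num, den = num * -j % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def threshold_sign(shares, signers, pk, msg):
    # Round 1: every signer picks a nonce r_i and sends R_i = G^r_i; R is the product.
    nonces = {i: 1 + secrets.randbelow(Q - 1) for i in signers}
    R = 1
    for r in nonces.values():
        R = R * pow(G, r, P) % P
    # Round 2: every signer sends z_i = r_i + c * lambda_i * sk_i; z is the sum.
    c = challenge(R, pk, msg)
    z = sum(nonces[i] + c * lagrange(i, signers) * shares[i] for i in signers) % Q
    return R, z  # one group element and one scalar: "1G+1Z"

def verify(pk, msg, sig):
    R, z = sig
    return pow(G, z, P) == R * pow(pk, challenge(R, pk, msg), P) % P

def demo(sk=123, msg=b"constructed message"):
    pk = pow(G, sk, P)
    shares = share_key(sk, t=3, n=5, rest=[45, 67])  # fixed polynomial, repeatable run
    full = verify(pk, msg, threshold_sign(shares, [1, 3, 5], pk, msg))
    short = verify(pk, msg, threshold_sign(shares, [1, 3], pk, msg))
    return full, short  # 3 of 5 signers succeed, 2 signers do not

if __name__ == "__main__":
    print(demo())
```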
Adaptive TS in Pairing-Free DL Setting. Sparkle [Crites-Komlo-Maller 23]: threshold Schnorr; partially adaptively secure from interactive assumption; adaptively secure from interactive assumption + AGM. Table columns: Scheme, Adaptive?, AGM?, Assumption, Round, Sig. Size, Sec. Loss. Scheme: FROST, Sparkle. Assumption: AOMDL, DL, AOMDL, AOMDL. Round: 2, 3. Sig. Size: 1G+1Z, 1G+1Z. Remaining cells: (?/?), < ?/2, (?/?).
Adaptive TS in Pairing-Free DL Setting. Recently [Katsumata-Reichle-Takemure 24, Bacho-Das-Loss-Ren 25]: adaptively secure from standard assumption; 5-round. Table columns: Scheme, Adaptive?, AGM?, Assumption, Round, Sig. Size, Sec. Loss. Scheme: FROST, Sparkle, KRT & Glacius. Assumption: AOMDL, DL, AOMDL, AOMDL, DL/DDH. Round: 2, 3, 5. Sig. Size: 1G+1Z, 1G+1Z, 1G+1Z. Remaining cells: (?/?), < ?/2, (?/?), (?/?).
Adaptive TS in Pairing-Free DL Setting. Twinkle [Bacho-Loss-Tessaro-Wagner-Zhu 24]: not Schnorr; adaptively secure from DDH. Table columns: Scheme, Adaptive?, AGM?, Assumption, Round, Sig. Size, Sec. Loss. Scheme: FROST, Sparkle, KRT & Glacius, Twinkle. Assumption: AOMDL, DL, AOMDL, AOMDL, DL/DDH, DDH. Round: 2, 3, 5, 3. Sig. Size: 1G+1Z, 1G+1Z, 1G+1Z, 2G+3Z. Remaining cells: (?/?), < ?/2, (?/?), (?/?), (?).
This Work. Dazzle and Dazzle-T: adaptively secure from DDH; smaller signatures. Dazzle: 2-round. Dazzle-T: fully tight. Table columns: Scheme, Adaptive?, AGM?, Assumption, Round, Sig. Size, Sec. Loss. Scheme: FROST, Sparkle, KRT & Glacius, Twinkle, Dazzle, Dazzle-T. Assumption: AOMDL, DL, AOMDL, AOMDL, DL/DDH, DDH, DDH, DDH. Round: 2, 3, 5, 3, 2, 3. Sig. Size: 1G+1Z, 1G+1Z, 1G+1Z, 2G+3Z, 1G+3Z, 1G+3Z. Remaining cells: (?/?), < ?/2, (?/?), (?/?), (?), (?), ?(?).
Underlying Standard Signature Scheme ? ? ??? ? ? ?? ? ? ?? ?? ? ? ? ? ?? =? = ? Sign ?: ? ? ?, ? ? ? ? ? ? ?,?,? Schnorr-like PoK of ? ? ? ? ? ? ? ? ? ? ? for relation = ? (?,?,?,?)
Security ? ? ??? Reduction embeds DDH Not in ??! Knows ?? Threshold scheme: knows ??1, ,??? handle corruption queries ? ? ?? ? ? ?? ?? ? ? ? ? ?? =? = ? Sign ?: ? ? ?, ? ? ? ? ? ? can ?,?,? Schnorr-like PoK of ? ? ? ? ? ? ? ? ? ? ? for relation = ? (?,?,?,?)
Dazzle: Threshold Scheme ? ? ?? ? ? ??? ? ? ?? ?1 ?1 ?? ?? ??1 ??? ? ? ?? ?? ? ? ? ? ?? =? = ? Sign ?: ? ? Key-homomorphic , if with common ? ?, ? ? ? ? ? ? ?,?,? Schnorr-like PoK of ? ? Threshold Sign: Individually compute (??,??,??,??) Exchange (??,??,??,??) ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? for relation ? ? ? ? ?,?,?,?,? ? = ? (?,?,?,?) ? Aggregate into (?,?,?,?) Individually compute (??,??) Exchange (??,??) ? ?+ ?? ?
Improvements over Twinkle ? ? ??? ? ? ?? ? ? ?? ?? ? ? ? ? ?? =? = ? Twinkle: ?, ?,?, ? ? ? ? ? Sign ?: ? ? ?, ? ? ? ? ? ? ? ? ? ? ? ? ?,?,? Schnorr-like PoK of ? ? ? ? ? ? ? ? ? ? ? for relation = ? (?,?,?,?)
Improvements over Twinkle ? ? ?? ? ? ??? ? ? ?? ?1 ?1 ?? ?? ??1 ??? ?? ?? ? ? ? ? ? ? ?? =? = ? Sign ?: ? ? ?,?,? Schnorr-like PoK of ? ?, ? ? ? ? ? ? ? Twinkle: Exchange using commit-reveal Threshold Sign: Individually compute (??,??,??,??) Directly exchange (??,??,??,??) ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? for relation ? ? ? ? ?,?,?,?,? ? = ? (?,?,?,?) ? Aggregate into (?,?,?,?) Individually compute (??,??) Exchange (??,??) ? ?+ ?? ?
Commit-Reveal Or Not? Needed if reduction uses HVZK simulator to sign. Solutions in previous work: AOMDL assumption; message-specific signing trapdoors. For us: real secret key shares.
Dazzle-T. Tight version of standard signature scheme. A direct transformation to 3-round threshold scheme, with a tweak to preserve tightness.