Threshold Signatures from Inner Product Argument: Succinct, Weighted, and Multi-threshold

Sourav Das; Javier Nieto; Philippe Camacho; Benedikt Bünz; Zhuolun Xiang; Ling Ren

doi:10.1145/3576915.3623096

Threshold Signatures from Inner Product Argument: Succinct, Weighted, and Multi-threshold

Sourav Das, Javier Nieto, Philippe Camacho, Benedikt Bünz, Zhuolun Xiang, Ling Ren

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Threshold signatures protect the signing key by sharing it among a group of signers so that an adversary must corrupt a threshold number of signers to be able to forge signatures. Existing threshold signatures with succinct signatures and constant verification times do not work if signers have different weights. Such weighted settings are seeing increasing importance in decentralized systems, especially in the Proof-of-Stake blockchains. This paper presents a new paradigm for threshold signatures for pairing and discrete logarithm-based cryptosystems. Our scheme has a compact verification key consisting of only 7 group elements, and a signature consisting of 8 group elements. Verifying the signature requires 8 exponentiations and 8 bilinear pairings. Our scheme supports arbitrary weight distributions among signers and arbitrary thresholds. It requires non-interactive preprocessing after a universal powers-of-tau setup. We prove the security of our scheme in the Algebraic Group Model and implement it using golang. Our evaluation shows that our scheme achieves a comparable signature size and verification time to a standard (unweighted) threshold signature. Compared to existing multisignature schemes, our scheme has a much smaller public verification key.

Original language	English (US)
Title of host publication	CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery, Inc
Pages	356-370
Number of pages	15
ISBN (Electronic)	9798400700507
DOIs	https://doi.org/10.1145/3576915.3623096
State	Published - Nov 15 2023
Event	30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023 - Copenhagen, Denmark Duration: Nov 26 2023 → Nov 30 2023

Publication series

Name	CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

Conference

Conference	30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023
Country/Territory	Denmark
City	Copenhagen
Period	11/26/23 → 11/30/23

Keywords

Inner Product Arguments
Multi-threshold
Succinct
Threshold Signatures
Weighted

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Software

Access to Document

10.1145/3576915.3623096

Cite this

Das, S., Nieto, J., Camacho, P., Bünz, B., Xiang, Z., & Ren, L. (2023). Threshold Signatures from Inner Product Argument: Succinct, Weighted, and Multi-threshold. In CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (pp. 356-370). (CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security). Association for Computing Machinery, Inc. https://doi.org/10.1145/3576915.3623096

Threshold Signatures from Inner Product Argument: Succinct, Weighted, and Multi-threshold. / Das, Sourav; Nieto, Javier; Camacho, Philippe et al.
CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2023. p. 356-370 (CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Das, S, Nieto, J, Camacho, P, Bünz, B, Xiang, Z & Ren, L 2023, Threshold Signatures from Inner Product Argument: Succinct, Weighted, and Multi-threshold. in CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, Inc, pp. 356-370, 30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023, Copenhagen, Denmark, 11/26/23. https://doi.org/10.1145/3576915.3623096

Das S, Nieto J, Camacho P, Bünz B, Xiang Z, Ren L. Threshold Signatures from Inner Product Argument: Succinct, Weighted, and Multi-threshold. In CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc. 2023. p. 356-370. (CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security). doi: 10.1145/3576915.3623096

Das, Sourav ; Nieto, Javier ; Camacho, Philippe et al. / Threshold Signatures from Inner Product Argument : Succinct, Weighted, and Multi-threshold. CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2023. pp. 356-370 (CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security).

@inproceedings{de76a25bbc894ff9bf6ccbfe260697b3,

title = "Threshold Signatures from Inner Product Argument: Succinct, Weighted, and Multi-threshold",

abstract = "Threshold signatures protect the signing key by sharing it among a group of signers so that an adversary must corrupt a threshold number of signers to be able to forge signatures. Existing threshold signatures with succinct signatures and constant verification times do not work if signers have different weights. Such weighted settings are seeing increasing importance in decentralized systems, especially in the Proof-of-Stake blockchains. This paper presents a new paradigm for threshold signatures for pairing and discrete logarithm-based cryptosystems. Our scheme has a compact verification key consisting of only 7 group elements, and a signature consisting of 8 group elements. Verifying the signature requires 8 exponentiations and 8 bilinear pairings. Our scheme supports arbitrary weight distributions among signers and arbitrary thresholds. It requires non-interactive preprocessing after a universal powers-of-tau setup. We prove the security of our scheme in the Algebraic Group Model and implement it using golang. Our evaluation shows that our scheme achieves a comparable signature size and verification time to a standard (unweighted) threshold signature. Compared to existing multisignature schemes, our scheme has a much smaller public verification key.",

keywords = "Inner Product Arguments, Multi-threshold, Succinct, Threshold Signatures, Weighted",

author = "Sourav Das and Javier Nieto and Philippe Camacho and Benedikt B{\"u}nz and Zhuolun Xiang and Ling Ren",

note = "Publisher Copyright: {\textcopyright} 2023 Copyright held by the owner/author(s). Publication rights licensed to ACM.; 30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023 ; Conference date: 26-11-2023 Through 30-11-2023",

year = "2023",

month = nov,

day = "15",

doi = "10.1145/3576915.3623096",

language = "English (US)",

series = "CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery, Inc",

pages = "356--370",

booktitle = "CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security",

}

TY - GEN

T1 - Threshold Signatures from Inner Product Argument

T2 - 30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023

AU - Das, Sourav

AU - Nieto, Javier

AU - Camacho, Philippe

AU - Bünz, Benedikt

AU - Xiang, Zhuolun

AU - Ren, Ling

PY - 2023/11/15

Y1 - 2023/11/15

N2 - Threshold signatures protect the signing key by sharing it among a group of signers so that an adversary must corrupt a threshold number of signers to be able to forge signatures. Existing threshold signatures with succinct signatures and constant verification times do not work if signers have different weights. Such weighted settings are seeing increasing importance in decentralized systems, especially in the Proof-of-Stake blockchains. This paper presents a new paradigm for threshold signatures for pairing and discrete logarithm-based cryptosystems. Our scheme has a compact verification key consisting of only 7 group elements, and a signature consisting of 8 group elements. Verifying the signature requires 8 exponentiations and 8 bilinear pairings. Our scheme supports arbitrary weight distributions among signers and arbitrary thresholds. It requires non-interactive preprocessing after a universal powers-of-tau setup. We prove the security of our scheme in the Algebraic Group Model and implement it using golang. Our evaluation shows that our scheme achieves a comparable signature size and verification time to a standard (unweighted) threshold signature. Compared to existing multisignature schemes, our scheme has a much smaller public verification key.

AB - Threshold signatures protect the signing key by sharing it among a group of signers so that an adversary must corrupt a threshold number of signers to be able to forge signatures. Existing threshold signatures with succinct signatures and constant verification times do not work if signers have different weights. Such weighted settings are seeing increasing importance in decentralized systems, especially in the Proof-of-Stake blockchains. This paper presents a new paradigm for threshold signatures for pairing and discrete logarithm-based cryptosystems. Our scheme has a compact verification key consisting of only 7 group elements, and a signature consisting of 8 group elements. Verifying the signature requires 8 exponentiations and 8 bilinear pairings. Our scheme supports arbitrary weight distributions among signers and arbitrary thresholds. It requires non-interactive preprocessing after a universal powers-of-tau setup. We prove the security of our scheme in the Algebraic Group Model and implement it using golang. Our evaluation shows that our scheme achieves a comparable signature size and verification time to a standard (unweighted) threshold signature. Compared to existing multisignature schemes, our scheme has a much smaller public verification key.

KW - Inner Product Arguments

KW - Multi-threshold

KW - Succinct

KW - Threshold Signatures

KW - Weighted

UR - http://www.scopus.com/inward/record.url?scp=85179847339&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85179847339&partnerID=8YFLogxK

U2 - 10.1145/3576915.3623096

DO - 10.1145/3576915.3623096

M3 - Conference contribution

AN - SCOPUS:85179847339

T3 - CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

SP - 356

EP - 370

BT - CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery, Inc

Y2 - 26 November 2023 through 30 November 2023

ER -

Threshold Signatures from Inner Product Argument: Succinct, Weighted, and Multi-threshold

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this