Recommendations for Discrete-Logarithm Based Cryptography:

Chen, Lily; Moody, Dustin; Regenscheid, Andrew; Randall, Karen

doi:10.6028/nist.sp.800-186-draft

Cited by 22 publications

(9 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Next, we choose the minimum standardized curves slightly over the computed ideal size, such as NIST curves defined in NIST SP 800-186 [6] and standard Pairing-Friendly Curves [23]. As a consequence, the signature/key size based on a standardized curves are generally slightly larger than in an ideal setting where the choice of groups is not constrained.…”

Section: Tight Securitymentioning

confidence: 99%

A New Pairing-Based Two-Round Tightly-Secure Multi-Signature Scheme with Key Aggregation

KOJIMA,

SCHULDT,

HANAOKA

2024

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

Multi-signatures have seen renewed interest due to their application to blockchains, e.g., BIP 340 (one of the Bitcoin improvement proposals), which has triggered the proposals of several new schemes with improved efficiency. However, many previous works have a "loose" security reduction (a large gap between the difficulty of the security assumption and breaking the scheme) or depend on strong idealized assumptions such as the algebraic group model (AGM). This makes the achieved level of security uncertain when instantiated in groups typically used in practice, and it becomes unclear for developers how secure a given scheme is for a given choice of security parameters. Thus, this leads to the question "what kind of schemes can we construct that achieves tight security based on standard assumptions?". In this paper, we show a simple two-round tightly-secure pairing-based multi-signature scheme based on the computation Diffie-Hellman problem in the random oracle model. This proposal is the first two-round multi-signature scheme that achieves tight security based on a computational assumption and supports key aggregation. Furthermore, our scheme reduce the signature bit size by 19% compared with the shortest existing tightly-secure DDH-based multi-signature scheme. Moreover, we implemented our scheme in C++ and confirmed that it is efficient in practice; to complete the verification takes less than 1 [ms] with a total (computational) signing time of 13 [ms] for under 100 signers. The source code of the implementation is published as OSS.

show abstract

Section: Tight Securitymentioning

confidence: 99%

A New Pairing-Based Two-Round Tightly-Secure Multi-Signature Scheme with Key Aggregation

KOJIMA,

SCHULDT,

HANAOKA

2024

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

show abstract

“…Moreover, in any electronic contract signing, designers and developers should consider legal regulations, but it is outside the scope of this paper. We use the ECDSA (Elliptic Curve Digital Signature Algorithm) signature scheme [20], the same used by Ethereum for signing transactions. The security level ("a number associated with the amount of work (the number of operations) that is required to break a cryptographic algorithm or system" [21]) recommended today [22,23] is at least 112 bits, equivalent to a 224-bit key for ECDSA.…”

Section: Smart Contract Specificationmentioning

confidence: 99%

A Multi-Party Contract Signing Solution Based on Blockchain

Ferrer-Gomila

Hinarejos

2021

Electronics

View full text Add to dashboard Cite

Fair digital signature of contracts and agreements is an essential process in any electronic commerce scenario, and therefore also in data marketplaces, where the relationships and agreements among the different parties (consumers and providers) are more dynamic. In multi-party contract signing, N parties wish to sign a contract in a such a way that either all signatories obtain evidence of the signing or none obtains conflicting evidence regarding the honest signatories; the exchange must be fair. In this paper, we propose a blockchain-based multi-party contract signing protocol. This solution does not require the existence or potential intervention of a trusted third party (TTP), thus avoiding the difficulty of N signatories agreeing upon a TTP. In addition, this proposal meets the necessary requirements: fairness, timeliness, non-repudiation of origin, and non-repudiation of receipt. Furthermore, confidentiality can be easily achieved. To minimize costs associated with the use of blockchain, it should be invoked in the case of exception (analogous to optimistic solutions with a TTP) and by only one of the N signatories. However, when the use of blockchain is required, we show that its cost is within perfectly manageable margins.

show abstract

“…Recommended elliptic curves for Federal Government use of ECDSA (including deterministic ECDSA) are provided in NIST Special Publication (SP) 800-186 [30].…”

Section: Introductionmentioning

confidence: 99%

“…FIPS 186-5 approves the use of EdDSA and specifies additional requirements. Recommended elliptic curves for Federal Government use of EdDSA are provided in SP 800-186 [30].…”

Section: Introductionmentioning

confidence: 99%

“…This standard (FIPS 186-5) specifies (Section 6.4) methods for digital signature generation and verification using the Elliptic Curve Digital Signature Algorithm (ECDSA). Specifications for the generation of the domain parameters used during the generation and verification of digital signatures are included in SP 800-186, Recommendations for Discrete Logarithm-Based Cryptography: Elliptic Curve Domain Parameters[30]. ECDSA is the elliptic curve analog of DSA.…”

mentioning

confidence: 99%

See 1 more Smart Citation