Two-Party Adaptor Signatures from Identification Schemes

Erwig, Andreas; Faust, Sebastian; Hostáková, Kristina; Maitra, Monosij; Riahi, Siavash

doi:10.1007/978-3-030-75245-3_17

Cited by 22 publications

(13 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, a HTLC-based ACCS scheme requires that both blockchain scripts must support the same hash function. In addition, due to the fact that on-chain scripts are public, using them may compromise users' privacy (Deshpande and Herlihy 2020;Thyagarajan et al 2022).…”

Section: Related Workmentioning

confidence: 99%

“…the verification of digital signatures. Unfortunately, his protocol does not provide an efficient solution for blockchains that do not support adaptor signatures (Erwig et al 2021;Hanzlik et al 2022).…”

Section: Related Workmentioning

confidence: 99%

“…-Privacy. In ACCS, users' privacy includes: (i) Onchain data privacy (Deshpande and Herlihy 2020). The process of cross-chain swap may leak users' on-chain data.…”

Section: Challenges Of the The Previous Workmentioning

confidence: 99%

“…Moreover, using the same private key share will not compromise the privacy of the players. Because the other player can generate a random private key share, resulting in different final joint addresses and ensuring the unlinkability of cross-chain transactions (Deshpande and Herlihy 2020) . In this case, we can still use the solution employed in the same curve swaps.…”

Section: Extensionsmentioning

confidence: 99%

See 3 more Smart Citations

Atomic cross-chain swap based on private key exchange

Zhu,

Zhang,

Tao

2024

Cybersecurity

View full text Add to dashboard Cite

Atomic Cross-Chain Swap (ACCS) is one important topic in cryptocurrency, where users can securely and trustlessly exchange assets between two different blockchains. However, most known ACCS schemes assume specific scripting functionalities of the underlying blockchains, such as Hash Time Locked Contracts (HTLC). In addition, these schemes are typically only applicable to certain digital signature schemes, like Schnorr or Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. In this paper, we propose a generic ACCS scheme, independent from the underlying blockchains. To the best of our knowledge, this is the first solution of this kind. Our results are as follows. First, we define a formal system model of ACCS. Next, we present a generic ACCS scheme meets our model. This scheme admits atomicity in cross-chain swaps without the need for a Trusted Third Party (TTP) and protects users’ privacy. Finally, by using the Non-Interactive Zero-Knowledge (NIZK) proof protocol as a tool, we instantiate our generic scheme for Elliptic Curve Discrete Logarithm Problem-based (ECDLP-based) signatures. In addition, we implement our scheme, and the experimental results show that our protocol outperforms the existing ACCS schemes, such as the HTLC-based schemes.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

“…-Privacy. In ACCS, users' privacy includes: (i) Onchain data privacy (Deshpande and Herlihy 2020). The process of cross-chain swap may leak users' on-chain data.…”

Section: Challenges Of the The Previous Workmentioning

confidence: 99%

Section: Extensionsmentioning

confidence: 99%

See 2 more Smart Citations

Atomic cross-chain swap based on private key exchange

Zhu,

Zhang,

Tao

2024

Cybersecurity

View full text Add to dashboard Cite

show abstract

“…Since the work by Poelstra, several articles on adaptor signature have appeared, e.g., [9][10][11][12][13][14][15][16][17]. In [10], the authors introduced two adaptor signature schemes based on Schnorr's signature and the elliptic curve digital signature algorithm (ECDSA), respectively.…”

Section: Introductionmentioning

confidence: 99%

Post-Quantum Two-Party Adaptor Signature Based on Coding Theory

Klamti

Hasan

2022

Cryptography

View full text Add to dashboard Cite

An adaptor signature can be viewed as a signature concealed with a secret value and, by design, any two of the trio yield the other. In a multiparty setting, an initial adaptor signature allows each party to create additional adaptor signatures without the original secret. Adaptor signatures help address scalability and interoperability issues in blockchain. They can also bring some important advantages to cryptocurrencies, such as low on-chain cost, improved transaction fungibility, and fewer limitations of a blockchain’s scripting language. In this paper, we propose a new two-party adaptor signature scheme that relies on quantum-safe hard problems in coding theory. The proposed scheme uses a hash-and-sign code-based signature scheme introduced by Debris-Alazard et al. and a code-based hard relation defined from the well-known syndrome decoding problem. To achieve all the basic properties of adaptor signatures formalized by Aumayr et al., we introduce further modifications to the aforementioned signature scheme. We also give a security analysis of our scheme and its application to the atomic swap. After providing a set of parameters for our scheme, we show that it has the smallest pre-signature size compared to existing post-quantum adaptor signatures.

show abstract

Two-Party Adaptor Signatures from Identification Schemes

Erwig

Faust

Hostáková

et al. 2021

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Adaptor signatures are a novel cryptographic primitive with important applications for cryptocurrencies. They have been used to construct second layer solutions such as payment channels or cross-currency swaps. The basic idea of an adaptor signature scheme is to tie the signing process to the revelation of a secret value in the sense that, much like a regular signature scheme, an adaptor signature scheme can authenticate messages, but simultaneously leaks a secret to certain parties. Recently, Aumayr et al. provide the first formalization of adaptor signature schemes, and present provably secure constructions from ECDSA and Schnorr signatures. Unfortunately, the formalization and constructions given in this work have two limitations: (1) current schemes are limited to ECDSA and Schnorr signatures, and no generic transformation for constructing adaptor signatures is known; (2) they do not offer support for aggregated two-party signing, which can significantly reduce the blockchain footprint in applications of adaptor signatures. In this work, we address these two shortcomings. First, we show that signature schemes that are constructed from identification (ID) schemes, which additionally satisfy certain homomorphic properties, can generically be transformed into adaptor signature schemes. We further provide an impossibility result which proves that unique signature schemes (e.g., the BLS scheme) cannot be transformed into an adaptor signature scheme. In addition, we define two-party adaptor signature schemes with aggregatable public keys and show how to instantiate them via a generic transformation from ID-based signature schemes. Finally, we give instantiations of our generic transformations for the Schnorr, Katz-Wang and Guillou-Quisquater signature schemes.

show abstract

Two-Party Adaptor Signatures from Identification Schemes

Cited by 22 publications

References 35 publications

Atomic cross-chain swap based on private key exchange

Atomic cross-chain swap based on private key exchange

Post-Quantum Two-Party Adaptor Signature Based on Coding Theory

Two-Party Adaptor Signatures from Identification Schemes

Contact Info

Product

Resources

About