Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


A Multiparty Computation Approach to Threshold ECDSA

March 11, 2019


Yashvanth Kondi - Northeastern University


Joint work with: Jack Doerner, Eysa Lee, abhi Shelat

Note: this also counted as the 1st (out of three) introductory presentation to the panel "Threshold Protocols for the Digital Signature Standard"

Partial abstract: This paper reports on new protocols (appearing in [DKLs18, DKLs19]) for multi-party ECDSA key-generation and signing with arbitrary thresholds, that are secure against malicious adversaries in the Random Oracle Model assuming only the Computational Die-Hellman Assumption. We instantiate our protocols using the same hash function and elliptic curve group used by the ECDSA signature being computed. Our threshold t scheme requires log(t) + 6 rounds of communication with scope for adjustment to constant rounds if desired, and when t = 2 we provide an optimized two message protocol. We evaluate our implementations and nd that the wall-clock time for computing a signature through our two-party protocol comes to within a factor of 18 of local signatures. Concretely, two parties can jointly sign a message in just over three milliseconds. We also demonstrate the feasibility of signing with a low-power device (as in the setting of 2-factor authentication) by computing a signature between two Raspberry Pi devices in under 60 milliseconds.

A Multiparty Computation Approach to Threshold ECDSA. Click to watch the video.

(Click the above image to see video on Youtube)

Presented at

NIST Threshold Cryptography Workshop 2019

Event Details


    NIST, Gaithersburg campus

Related Topics

Security and Privacy: digital signatures

Created March 12, 2019, Updated June 14, 2021