This is a potential security issue, you are being redirected to https://csrc.nist.gov.
Abstract: While prior work has shown that computing k^(-1) is the main challenge for threshold ECDSA and often resort to specialized protocols in order to obtain k^(-1), we show that out-of-the-box MPC suffices to compute a threshold ECDSA signature with essentially the same efficiency as the best existing schemes. To illustrate this generality, we implement our technique with all protocols supported by MP-SPDZ, allowing us to examine the trade-offs (in terms of efficiency) one has to make when choosing between different corruption models (malicious vs. semi-honest) and corruption thresholds (honest vs. dishonest majority). Our technique in particular shines in the preprocessing model, where one wants to make many signatures with the same key.
At the center of our protocol is a generic transformation of a secret-sharing scheme based on the following observation: Let G be a generator of group G of order p. Then, given an additive secret-sharing [x] over a field Zp, the value [x]G can be viewed as an additive secret-sharing over G. Notice that this transformation is entirely local. We achieve active security for the protocol over G using regular SPDZ type MACs. If the base Zp protocol is secured with SPDZ MACs, then the G protocol is secure as well, using the same MACs. Key generation, which has been costly in prior works, is simply generating a sharing of random element [x], converting it to a sharing of [xG] and opening it towards everyone to get the public key.
We use our threshold ECDSA protocol to secure DNSSEC keys. Very few domain owners run their own authoritative name servers and zone management is outsourced to DNS operators. Although outsourcing provides benefits such as increased availability of zones and fewer misconfigurations, several issues related to key management arise when DNSSEC is used. These issues extend from the domain owner relinquishing control of private keys to the DNS operator reusing keys for thousands of domains to the possibility of domain takedown by governments. We show how private keys can be secured in the outsourced DNS setting through threshold ECDSA.
NIST Workshop on Multi-Party Threshold Schemes (MPTS) 2020. https://csrc.nist.gov/events/2020/mpts2020
Based on joint work with Anders Dalskov, Marcel Keller, Claudio Orlandi and Haya Shulman.
Security and Privacy: cryptography