One-more unforgeability of blind ECDSA

Xianrui Qin; Cailing Cai; Tsz Hon Yuen

doi:10.1007/978-3-030-88428-4_16

One-more unforgeability of blind ECDSA

Xianrui Qin
, Cailing Cai
, Tsz Hon Yuen

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

5 Citations (Scopus)

Abstract

In this paper, we give the first formal security analysis on the one-more unforgeability of blind ECDSA. We start with giving a general attack on blind ECDSA, which is similar to the ROS attack on the blind Schnorr signature. We formulate the ECDSA-ROS problem to capture this attack. Next, we give a generic construction of blind ECDSA based on an additive homomorphic encryption and a corresponding zero-knowledge proof. Our concrete instantiation is about 40 times more bandwidth efficient than the blind ECDSA in AsiaCCS 2019. After that, we give the first formal proof of one-more unforgeability for blind ECDSA, under a new model called algebraic bijective random oracle. The security of our generic blind ECDSA relies on the hardness of a discrete logarithm-based interactive assumption and an assumption of the underlying elliptic curve. Finally, we analyze the hardness of the ECDSA-ROS problem in the algebraic bijective random oracle model.

Original language	English
Title of host publication	Computer Security – ESORICS 2021 - 26th European Symposium on Research in Computer Security Darmstadt, Germany, October 4–8, 2021 Proceedings, Part II
Editors	Elisa Bertino, Haya Shulman, Michael Waidner
Place of Publication	Cham Switzerland
Publisher	Springer
Pages	313-331
Number of pages	19
ISBN (Electronic)	9783030884284
ISBN (Print)	9783030884277
DOIs	https://doi.org/10.1007/978-3-030-88428-4_16
Publication status	Published - 2021
Externally published	Yes
Event	European Symposium on Research in Computer Security 2021 - Online, Darmstadt, Germany Duration: 4 Oct 2021 → 8 Oct 2021 Conference number: 26th https://link-springer-com.ezproxy.lib.monash.edu.au/book/10.1007/978-3-030-88418-5 (Proceedings)

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	12973
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	European Symposium on Research in Computer Security 2021
Abbreviated title	ESORICS 2021
Country/Territory	Germany
City	Darmstadt
Period	4/10/21 → 8/10/21
Internet address	https://link-springer-com.ezproxy.lib.monash.edu.au/book/10.1007/978-3-030-88418-5 (Proceedings)

Keywords

Blind signature
ECDSA
One-more unforgeability

Access to Document

10.1007/978-3-030-88428-4_16

Cite this

Qin, X., Cai, C., & Yuen, T. H. (2021). One-more unforgeability of blind ECDSA. In E. Bertino, H. Shulman, & M. Waidner (Eds.), Computer Security – ESORICS 2021 - 26th European Symposium on Research in Computer Security Darmstadt, Germany, October 4–8, 2021 Proceedings, Part II (pp. 313-331). (Lecture Notes in Computer Science; Vol. 12973). Springer. https://doi.org/10.1007/978-3-030-88428-4_16

Qin, Xianrui ; Cai, Cailing ; Yuen, Tsz Hon. / One-more unforgeability of blind ECDSA. Computer Security – ESORICS 2021 - 26th European Symposium on Research in Computer Security Darmstadt, Germany, October 4–8, 2021 Proceedings, Part II. editor / Elisa Bertino ; Haya Shulman ; Michael Waidner. Cham Switzerland : Springer, 2021. pp. 313-331 (Lecture Notes in Computer Science).

@inproceedings{d38317069e6b43ecb11ee8090e3ad52c,

title = "One-more unforgeability of blind ECDSA",

abstract = "In this paper, we give the first formal security analysis on the one-more unforgeability of blind ECDSA. We start with giving a general attack on blind ECDSA, which is similar to the ROS attack on the blind Schnorr signature. We formulate the ECDSA-ROS problem to capture this attack. Next, we give a generic construction of blind ECDSA based on an additive homomorphic encryption and a corresponding zero-knowledge proof. Our concrete instantiation is about 40 times more bandwidth efficient than the blind ECDSA in AsiaCCS 2019. After that, we give the first formal proof of one-more unforgeability for blind ECDSA, under a new model called algebraic bijective random oracle. The security of our generic blind ECDSA relies on the hardness of a discrete logarithm-based interactive assumption and an assumption of the underlying elliptic curve. Finally, we analyze the hardness of the ECDSA-ROS problem in the algebraic bijective random oracle model.",

keywords = "Blind signature, ECDSA, One-more unforgeability",

author = "Xianrui Qin and Cailing Cai and Yuen, \{Tsz Hon\}",

note = "Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; European Symposium on Research in Computer Security 2021, ESORICS 2021 ; Conference date: 04-10-2021 Through 08-10-2021",

year = "2021",

doi = "10.1007/978-3-030-88428-4\_16",

language = "English",

isbn = "9783030884277",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "313--331",

editor = "Elisa Bertino and Haya Shulman and Michael Waidner",

booktitle = "Computer Security – ESORICS 2021 - 26th European Symposium on Research in Computer Security Darmstadt, Germany, October 4–8, 2021 Proceedings, Part II",

address = "Switzerland",

url = "https://link-springer-com.ezproxy.lib.monash.edu.au/book/10.1007/978-3-030-88418-5",

}

Qin, X, Cai, C & Yuen, TH 2021, One-more unforgeability of blind ECDSA. in E Bertino, H Shulman & M Waidner (eds), Computer Security – ESORICS 2021 - 26th European Symposium on Research in Computer Security Darmstadt, Germany, October 4–8, 2021 Proceedings, Part II. Lecture Notes in Computer Science, vol. 12973, Springer, Cham Switzerland, pp. 313-331, European Symposium on Research in Computer Security 2021, Darmstadt, Germany, 4/10/21. https://doi.org/10.1007/978-3-030-88428-4_16

One-more unforgeability of blind ECDSA. / Qin, Xianrui; Cai, Cailing; Yuen, Tsz Hon.
Computer Security – ESORICS 2021 - 26th European Symposium on Research in Computer Security Darmstadt, Germany, October 4–8, 2021 Proceedings, Part II. ed. / Elisa Bertino; Haya Shulman; Michael Waidner. Cham Switzerland: Springer, 2021. p. 313-331 (Lecture Notes in Computer Science; Vol. 12973).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - One-more unforgeability of blind ECDSA

AU - Qin, Xianrui

AU - Cai, Cailing

AU - Yuen, Tsz Hon

N1 - Conference code: 26th

PY - 2021

Y1 - 2021

N2 - In this paper, we give the first formal security analysis on the one-more unforgeability of blind ECDSA. We start with giving a general attack on blind ECDSA, which is similar to the ROS attack on the blind Schnorr signature. We formulate the ECDSA-ROS problem to capture this attack. Next, we give a generic construction of blind ECDSA based on an additive homomorphic encryption and a corresponding zero-knowledge proof. Our concrete instantiation is about 40 times more bandwidth efficient than the blind ECDSA in AsiaCCS 2019. After that, we give the first formal proof of one-more unforgeability for blind ECDSA, under a new model called algebraic bijective random oracle. The security of our generic blind ECDSA relies on the hardness of a discrete logarithm-based interactive assumption and an assumption of the underlying elliptic curve. Finally, we analyze the hardness of the ECDSA-ROS problem in the algebraic bijective random oracle model.

AB - In this paper, we give the first formal security analysis on the one-more unforgeability of blind ECDSA. We start with giving a general attack on blind ECDSA, which is similar to the ROS attack on the blind Schnorr signature. We formulate the ECDSA-ROS problem to capture this attack. Next, we give a generic construction of blind ECDSA based on an additive homomorphic encryption and a corresponding zero-knowledge proof. Our concrete instantiation is about 40 times more bandwidth efficient than the blind ECDSA in AsiaCCS 2019. After that, we give the first formal proof of one-more unforgeability for blind ECDSA, under a new model called algebraic bijective random oracle. The security of our generic blind ECDSA relies on the hardness of a discrete logarithm-based interactive assumption and an assumption of the underlying elliptic curve. Finally, we analyze the hardness of the ECDSA-ROS problem in the algebraic bijective random oracle model.

KW - Blind signature

KW - ECDSA

KW - One-more unforgeability

UR - https://www.scopus.com/pages/publications/85117081422

U2 - 10.1007/978-3-030-88428-4_16

DO - 10.1007/978-3-030-88428-4_16

M3 - Conference Paper

AN - SCOPUS:85117081422

SN - 9783030884277

T3 - Lecture Notes in Computer Science

SP - 313

EP - 331

BT - Computer Security – ESORICS 2021 - 26th European Symposium on Research in Computer Security Darmstadt, Germany, October 4–8, 2021 Proceedings, Part II

A2 - Bertino, Elisa

A2 - Shulman, Haya

A2 - Waidner, Michael

PB - Springer

CY - Cham Switzerland

T2 - European Symposium on Research in Computer Security 2021

Y2 - 4 October 2021 through 8 October 2021

ER -

Qin X, Cai C, Yuen TH. One-more unforgeability of blind ECDSA. In Bertino E, Shulman H, Waidner M, editors, Computer Security – ESORICS 2021 - 26th European Symposium on Research in Computer Security Darmstadt, Germany, October 4–8, 2021 Proceedings, Part II. Cham Switzerland: Springer. 2021. p. 313-331. (Lecture Notes in Computer Science). doi: 10.1007/978-3-030-88428-4_16

One-more unforgeability of blind ECDSA

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Cite this