高效的两方ECDSA门限方案  被引量：3

作　　者：颜萌 马昌社[1] YAN Meng;MA Changshe(School of Computer Science,South China Normal University,Guangzhou 510631,China)

机构地区：[1]华南师范大学计算机学院,广州510631

出　　处：《华南师范大学学报（自然科学版）》2022年第4期121-128,共8页Journal of South China Normal University(Natural Science Edition)

基　　金：国家自然科学基金项目(61672243)。

摘　　要：针对现有的门限ECDSA方案存在的计算开销过大、签名效率不高以及通信开销过大的问题,提出了一种高效的两方ECDSA门限方案。该方案将签名私钥拆分成2个部分,分别由两方保管;利用同态加密技术,每一次协同签名都需要双方用户同时参与签名过程,其中任意一方都无法掌握完整的签名私钥;将签名阶段分为了离线预计算阶段以及在线签名阶段,在离线预计算阶段提前完成了绝大部分计算量,在线签名阶段高效且快速,提高了签名效率。随后,对该方案给出正确性分析、安全证明及效率对比。研究结果表明:高效的两方ECDSA门限方案的在线签名阶段有效地避免了花销高昂的同态操作,具有签名效率高、通信代价低和交互轮数少等优势,实用性更高。An efficient two-party ECDSA threshold scheme is proposed to fix the problems of existing threshold ECDSA schemes,e.g.,some signature protocols having too much computation overhead or too many interaction rounds,leading to low signature efficiency,and some signature protocols having OT(oblivious transfer)to replace the Paillier homomorphic encryption technology,increasing the communication cost by thousands of times.The scheme divides the signature private key into two parts to be kept by two parties respectively.Using the homomorphic encryption technology,each collaborative signature requires both users to participate in the signature process at the same time.In addition,the signature phase is divided into the offline precomputation phase and the online signature phase.Most of the computation is completed in advance in the offline precomputation phase.The online signature phase is efficient and fast,which improves the signature efficiency.The correctness analysis and security proof of the scheme are given,and the two ECDSA schemes proposed by Lindell and this current scheme are compared in terms of theoretical analysis.The results show that the scheme avoids the expensive homomorphic operation in the online signature phase and has the advantages of high signature efficiency,low communication cost,less interaction rounds and higher practicability.

关 键 词：ECDSA 同态加密 门限签名方案 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]