An analysis of ECDSA signatures with additive key derivation and presignatures motivated by a threshold ECDSA signing service

演讲人: Jens Groth University College London
时间: 2023-09-21 15:00-2023-09-21 16:00
地点:FIT 1-222

In this talk we will give an introduction to the Internet Computer and dive into the threshold ECDSA signing service that enables smart contracts to sign Bitcoin and Ethereum transactions. The ECDSA signing service supports BIP32 key derivation such that all smart contract public keys can be derived from a single public key, which simplifies key management, and early construction of pre-signatures to enable fast one-round signing of messages. We analyze combinations of these optimization techniques and show for standard non-threshold ECDSA that additive key generation is secure and pre-computation is secure, but combining additive key derivation and pre-computation leads to non-tight security. Fortunately, we can save the combination and tighten security through public re-randomization of the precomputation, which is the solution implemented on the Internet Computer.




Jens is a leading cryptographer who has invented pairing-based NIZK proofs, pairing-based SNARKs, and logarithmic size proof systems underpinning Bulletproofs. He got a PhD from Aarhus University, the Chancellor's Award for Postdoctoral Research at UCLA, became Professor of Cryptology at UCL, and has published more than 50 scientific articles.He is currently a principal researcher at the DFINITY Foundation. More information can be found at