Two-party ECDSA signatures have received much attention due to their widespread deployment in cryptocurrencies. Depending on whether or not the message is required, we could divide two-party signing into two different phases, namely, offline and online. The existing two-party protocols of ECDSA are not optimal: either their online phase requires decryption of a ciphertext, or their offline phase needs at least two executions of multiplicative-to-additive conversion which dominates the overall complexity. In this talk, we will give an online-friendly two-party ECDSA with a lightweight online phase and a single multiplicative-to-additive function in the offline phase. It is constructed by a novel design of a re-sharing of the secret key and a linear sharing of the nonce. Our scheme significantly improves previous protocols based on either oblivious transfer or homomorphic encryption. Our scheme outperforms prior online-friendly schemes (i.e., those have lightweight online cost) by a factor of roughly 2 to 9 in both communication and computation. Furthermore, our two-party scheme could be easily extended to the 2-out-of-n threshold ECDSA.

Dr. Xue Haiyang is a cryptography researcher at IIE, Chinese Academy of Sciences. His research is about theoretical cryptography and its applications, including post-quantum cryptography, authenticated key exchange, zero-knowledge proof, etc. He received his Phd at IIE, CAS in 2015 advised by Bao Li. After that, he joined IIE, CAS, and visited the University of Hong Kong as a visiting scholar. His works were published in CCS, ASIACRYPT, RSA, etc.