Title: Lectures on Efficient Online-friendly Two-Party ECDSA Signature
Speaker: Haiyang Xue (薛海洋), Institute of Information Engineering, Chinese Academy of Sciences
Abstract: Two-party ECDSA signatures have received much attention due to their widespread deployment in cryptocurrencies. Depending on whether or not the message is required, we can divide two-party signing into two different phases, namely, offline and online. The existing two-party ECDSA protocols are not optimal: either their online phase requires decryption of a ciphertext, or their offline phase needs at least two executions of multiplicative-to-additive conversion, which dominates the overall complexity. In this talk, we will give an online-friendly two-party ECDSA with a lightweight online phase and a single multiplicative-to-additive function in the offline phase. It is constructed by a novel design of a re-sharing of the secret key and a linear sharing of the nonce. Our scheme significantly improves on previous protocols based on either oblivious transfer or homomorphic encryption. Our scheme outperforms prior online-friendly schemes (i.e., those that have a lightweight online cost) by a factor of roughly 2 to 9 in both communication and computation. Furthermore, our two-party scheme could be easily extended to 2-out-of-n threshold ECDSA.
About the speaker: Haiyang Xue is a cryptography researcher at IIE, Chinese Academy of Sciences. His research is about theoretical cryptography and its applications, including post-quantum cryptography, authenticated key exchange, zero-knowledge proofs, etc. He received his PhD at IIE, CAS in 2015, advised by Bao Li. After that, he joined IIE, CAS, and visited the University of Hong Kong as a visiting scholar. He is the (co-)designer of LAC (round 2 candidate of NIST PQC standardization) and SIAKE (second prize winner of the Chinese post-quantum cryptography competition). His works were published in ACM CCS, ASIACRYPT, RSA, etc.
Time: Friday, November 19, 2021, 14:30-16:30; Monday, November 22, 2021, 14:30-16:30
Venue: Tencent Meeting, ID: 727 0540 4600
Host: Xianchang Meng (孟宪昌), Professor, School of Mathematics