This paper proposes a deterministic nonce generation technique to address the catastrophic issues associated with nonce reuse in message signing and to enhance the efficiency of Schnorr multi-signature schemes. Additionally, this research aims to reduce computational complexity and bandwidth requirements in digital and multi-signature schemes while maintaining robust security against common attacks. The proposed method was inspired by the EdDSA approach. The methodology includes a comprehensive mathematical analysis of digital signature algorithms and a rigorous examination of their vulnerabilities to well-known cryptographic attacks. This analysis evaluates the effectiveness and robustness of the proposed nonce generation technique within the frameworks of the Schnorr digital signature and the two-round MuSig schemes. Techniques and tools employed in this research involve deterministically generating nonces by hashing the private key and subsequently hashing the result with the message. Furthermore, it is proposed to exclude the public nonce R from the challenge calculations and to allow signers to directly prove possession of their secret keys through the aggregated public key, thereby eliminating the need for non-interactive zero-knowledge (NIZK) proofs. The findings demonstrate significant reductions in computational complexity and operational requirements, thereby improving bandwidth efficiency and making this method well-suited for resource-constrained devices. The approach also exhibits strong resistance to various attacks, including nonce reuse, key cancellation, rogue keys, and virtual machine rewinding.
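As an added illustration (not code from the paper or its authors), the following toy Schnorr signer derives its nonce the EdDSA-inspired way the abstract describes, hashing the private key and then hashing that digest together with the message, and includes a check showing why a reused nonce exposes the signing key. It keeps the standard challenge over (R, P, m) rather than the paper's R-excluded variant, and the group parameters are small constructed values, not production ones.

```python
import hashlib

# Toy Schnorr group, constructed for illustration only (not production parameters):
# p = 2q + 1 with q prime, and g = 4 generates the subgroup of prime order q.
P, Q, G = 2039, 1019, 4

def enc(x: int) -> bytes:
    return x.to_bytes(4, "big")

def H(*parts: bytes) -> int:
    """Hash length-prefixed byte strings to a scalar mod Q."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return int.from_bytes(h.digest(), "big") % Q

def deterministic_nonce(sk: int, msg: bytes) -> int:
    """EdDSA-style derivation: hash the private key, then hash that digest with the message."""
    sk_digest = hashlib.sha256(enc(sk)).digest()
    return H(sk_digest, msg) or 1          # keep k nonzero mod Q

def sign(sk: int, msg: bytes, k=None) -> tuple:
    """Schnorr signature (R, s); k is derived deterministically unless the caller supplies one."""
    if k is None:
        k = deterministic_nonce(sk, msg)
    pk = pow(G, sk, P)
    R = pow(G, k, P)
    e = H(enc(R), enc(pk), msg)            # standard challenge, R included
    s = (k + e * sk) % Q
    return R, s

def verify(pk: int, msg: bytes, sig: tuple) -> bool:
    R, s = sig
    e = H(enc(R), enc(pk), msg)
    return pow(G, s, P) == (R * pow(pk, e, P)) % P

def recover_sk_from_reused_nonce(pk, m1, sig1, m2, sig2):
    """Two signatures on different messages sharing the same R satisfy
    s1 - s2 = (e1 - e2) * sk mod Q, so sk is exposed. Returns None when R differs."""
    (R1, s1), (R2, s2) = sig1, sig2
    if R1 != R2 or m1 == m2:
        return None
    e1, e2 = H(enc(R1), enc(pk), m1), H(enc(R2), enc(pk), m2)
    return (s1 - s2) * pow(e1 - e2, -1, Q) % Q

if __name__ == "__main__":
    sk, pk = 777, pow(G, 777, P)
    m1, m2 = b"pay alice 1", b"pay bob 1"
    assert verify(pk, m1, sign(sk, m1))
    assert sign(sk, m1) == sign(sk, m1)           # same input -> same nonce, no RNG needed
    assert sign(sk, m1)[0] != sign(sk, m2)[0]     # different messages -> different R
    # A caller-supplied nonce reused across two messages hands over the key:
    assert recover_sk_from_reused_nonce(pk, m1, sign(sk, m1, k=42), m2, sign(sk, m2, k=42)) == sk
```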
Citation: Nawras H. Sabbry, Alla Levina. Nonce generation techniques in Schnorr multi-signatures: Exploring EdDSA-inspired approaches[J]. AIMS Mathematics, 2024, 9(8): 20304-20325. doi: 10.3934/math.2024988