Research article

Nonce generation techniques in Schnorr multi-signatures: Exploring EdDSA-inspired approaches

  • Received: 27 December 2023 Revised: 02 May 2024 Accepted: 23 May 2024 Published: 21 June 2024
  • MSC : 11T71, 94A60

  • This paper proposes a deterministic nonce generation technique to address the catastrophic issues associated with nonce reuse in message signing and to enhance the efficiency of Schnorr multi-signature schemes. Additionally, this research aims to reduce computational complexity and bandwidth requirements in digital and multi-signature schemes while maintaining robust security against common attacks. The proposed method was inspired by the EdDSA approach. The methodology includes a comprehensive mathematical analysis of digital signature algorithms and a rigorous examination of their vulnerabilities to well-known cryptographic attacks. This analysis evaluates the effectiveness and robustness of the proposed nonce generation technique within the frameworks of the Schnorr digital signature and the two-round MuSig schemes. Techniques and tools employed in this research involve deterministically generating nonces by hashing the private key and subsequently hashing the result with the message. Furthermore, it is proposed to exclude the public nonce R from the challenge calculations and to allow signers to directly prove possession of their secret keys through the aggregated public key, thereby eliminating the need for non-interactive zero-knowledge (NIZK) proofs. The findings demonstrate significant reductions in computational complexity and operational requirements, thereby improving bandwidth efficiency and making this method well-suited for resource-constrained devices. The approach also exhibits strong resistance to various attacks, including nonce reuse, key cancellation, rogue keys, and virtual machine rewinding.

    Citation: Nawras H. Sabbry, Alla Levina. Nonce generation techniques in Schnorr multi-signatures: Exploring EdDSA-inspired approaches[J]. AIMS Mathematics, 2024, 9(8): 20304-20325. doi: 10.3934/math.2024988

    Related Papers:

  • This paper proposes a deterministic nonce generation technique to address the catastrophic issues associated with nonce reuse in message signing and to enhance the efficiency of Schnorr multi-signature schemes. Additionally, this research aims to reduce computational complexity and bandwidth requirements in digital and multi-signature schemes while maintaining robust security against common attacks. The proposed method was inspired by the EdDSA approach. The methodology includes a comprehensive mathematical analysis of digital signature algorithms and a rigorous examination of their vulnerabilities to well-known cryptographic attacks. This analysis evaluates the effectiveness and robustness of the proposed nonce generation technique within the frameworks of the Schnorr digital signature and the two-round MuSig schemes. Techniques and tools employed in this research involve deterministically generating nonces by hashing the private key and subsequently hashing the result with the message. Furthermore, it is proposed to exclude the public nonce R from the challenge calculations and to allow signers to directly prove possession of their secret keys through the aggregated public key, thereby eliminating the need for non-interactive zero-knowledge (NIZK) proofs. The findings demonstrate significant reductions in computational complexity and operational requirements, thereby improving bandwidth efficiency and making this method well-suited for resource-constrained devices. The approach also exhibits strong resistance to various attacks, including nonce reuse, key cancellation, rogue keys, and virtual machine rewinding.



    加载中


    [1] W. Diffie, M. Hellman, New directions in cryptography, IEEE Trans. Inf. Theory, 22 (1976), 644–654. https://doi.org/10.1109/TIT.1976.1055638 doi: 10.1109/TIT.1976.1055638
    [2] R. L. Rivest, A. Shamir, L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Commun. ACM, 21 (1978), 120–126. https://doi.org/10.1145/359340.359342 doi: 10.1145/359340.359342
    [3] F. Pub, Digital signature standard (DSS), 1994. Available from: https://csrc.nist.gov/pubs/fips/186/upd1/final
    [4] C. P. Schnorr, Efficient signature generation by smart cards. J. Cryptol., 4 (1991), 161–174. https://doi.org/10.1007/BF00196725 doi: 10.1007/BF00196725
    [5] D. J. Bernstein, N. Duif, T. Lange, P. Schwabe, B. Y. Yang, High-speed high-security signatures, J. Cryptogr. Eng., 2 (2012), 77–89. https://doi.org/10.1007/s13389-012-0027-1 doi: 10.1007/s13389-012-0027-1
    [6] D. B. Johnson, A. Menezes, S. A. Vanstone, The elliptic curve digital signature algorithm (ECDSA), Int. J. Inf. Secur., 1 (2001), 36–63.
    [7] S. Josefsson, I. Liusvaara, Edwards-curve digital signature algorithm (EdDSA), IRTF. RFC, 2017, 8032. https://doi.org/10.17487/RFC8032.ISSN2070-1721 doi: 10.17487/RFC8032.ISSN2070-1721
    [8] M. Beunardeau, A. Connolly, H. Ferradi, R. Géraud-Stewart, D. Naccache, D. Vergnaud, Reusing nonces in Schnorr signatures, Pro. Cryptology-AFRI., 2017,224–241. https://doi.org/10.1007/978-3-319-66402-6_14 doi: 10.1007/978-3-319-66402-6_14
    [9] Y. Romailler, S. Pelissier, Practical fault attack against the Ed25519 and EdDSA signature schemes, Proc. Workshop Fault Diag. Tole. Cryp., 2017, 17–24. https://doi.org/10.1109/FDTC.2017.12 doi: 10.1109/FDTC.2017.12
    [10] K. Chalkias, F. Garillot, Y. Kondi, V. Nikolaenko, Non-interactive half-aggregation of EdDSA and variants of Schnorr signatures, Lecture Notes Comp. Sci., 2021, 12704. https://doi.org/10.1007/978-3-030-75539-3_24 doi: 10.1007/978-3-030-75539-3_24
    [11] Y. Kondi, C. Orlandi, L. Roy, Two-round stateless deterministic two-party Schnorr signatures from pseudorandom correlation functions, Lecture Notes Comp. Sci., 2023, 14081. https://doi.org/10.1007/978-3-031-38557-5_21 doi: 10.1007/978-3-031-38557-5_21
    [12] J. Nick, T. Ruffing, Y. Seurin, P. Wuille, MuSig-DN: Schnorr multi-signatures with verifiably deterministic nonces, Conf. Comput. Commun. Security, 2020, 1717–1731. https://doi.org/10.1145/3372297.3417236 doi: 10.1145/3372297.3417236
    [13] J. Nick, T. Ruffing, Y. Seurin, MuSig2: Simple two-round Schnorr multi-signatures, Lecture Notes Comp. Sci., 2021, 12825. https://doi.org/10.1007/978-3-030-84242-0_8 doi: 10.1007/978-3-030-84242-0_8
    [14] P. Q. Nguyen, I. E. Shparlinski, The insecurity of the elliptic curve digital signature algorithm with partially known nonces, Des. Codes Cryptogr., 30 (2003), 201–217. https://doi.org/10.1023/A:1025436905711 doi: 10.1023/A:1025436905711
    [15] Online content: Android security vulnerability, 2013. Available from: https://bitcoin.org/en/alert/2013-08-11-android
    [16] D. Boneh, Schnorr digital signature scheme, Lecture Notes Comp. Sci., 2005,541–542. https://doi.org/10.1007/0-387-23483-7_369 doi: 10.1007/0-387-23483-7_369
    [17] M. Michels, P. Horster, On the risk of disruption in several multiparty signature schemes, Lecture Notes Comp. Sci., 1996.
    [18] G. Maxwell, A. Poelstra, Y. Seurin, P. Wuille, Simple Schnorr multi-signatures with applications to Bitcoin, Des. Codes Cryptogr., 2019. https://doi.org/10.1007/s10623-019-00608-x doi: 10.1007/s10623-019-00608-x
  • Reader Comments
  • © 2024 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)
通讯作者: 陈斌, bchen63@163.com
  • 1. 

    沈阳化工大学材料科学与工程学院 沈阳 110142

  1. 本站搜索
  2. 百度学术搜索
  3. 万方数据库搜索
  4. CNKI搜索

Metrics

Article views(632) PDF downloads(45) Cited by(0)

Article outline

Other Articles By Authors

/

DownLoad:  Full-Size Img  PowerPoint
Return
Return

Catalog