Efficient Multi-Party EdDSA Signature With Identifiable Aborts and its Applications to Blockchain

The security of secret keys for blockchain-based applications is increasingly important, partly because the theft of secret keys will render a significant financial loss. To guarantee the security of secret keys, many multi-party signature protocols have been proposed. However, few of them are designed for EdDSA-based blockchain that is developing in growth. The folklore and the NIST document for standardizing threshold schemes believe that a distributed hash evaluation is required to design multi-party EdDSA protocols, which leads to a relatively large overhead. In this paper, we present two practical multi-party EdDSA protocols for semi-honest and malicious settings. Our protocols eliminate the distributed hashing by securely maintaining a global state, which is feasible for EdDSA-based blockchain. Furthermore, we extend the malicious protocol to resist DoS attacks by identifying corrupted parties in case of execution aborts. We implemented our EdDSA protocols for different parties using Alibaba cloud servers with all instances of type ecs.t5-c1m2.large. Our protocol in the malicious setting takes 1.51-15.3 ms between 2 parties and 5 parties, and are two orders of magnitude faster than the recent threshold EdDSA protocol. These properties (efficient, identifiable abort, high compatibility) make the two protocols ideal for threshold wallets for EdDSA-based cryptocurrency.