Lockable Signatures for Blockchains: Scriptless Scripts for All Signatures

2021 IEEE Symposium on Security and Privacy (SP) Pub Date : 2021-05-01 DOI:10.1109/SP40001.2021.00065

Sri Aravinda Krishnan Thyagarajan, Giulio Malavolta

{"title":"Lockable Signatures for Blockchains: Scriptless Scripts for All Signatures","authors":"Sri Aravinda Krishnan Thyagarajan, Giulio Malavolta","doi":"10.1109/SP40001.2021.00065","DOIUrl":null,"url":null,"abstract":"Payment Channel Networks (PCNs) have given a huge boost to the scalability of blockchain-based cryptocurrencies: Beyond improving the transaction rate, PCNs enabled cheap cross-currency payments and atomic swaps. However, current PCNs proposals either heavily rely on special scripting features of the underlying blockchain (e.g. Hash Time Lock Contracts) or are tailored to a handful of digital signature schemes, such as Schnorr or ECDSA signatures. This leaves us in an unsatisfactory situation where many currencies that are being actively developed and use different signature schemes cannot enjoy the benefits of a PCN.In this work, we investigate whether we can construct PCNs assuming the minimal ability of a blockchain to verify a digital signature, for any signature scheme. In answering this question in the affirmative, we introduce the notion of lockable signatures, which constitutes the cornerstone of our PCN protocols. Our approach is generic and the PCN protocol is compatible with any digital signature scheme, thus inheriting all favorable properties of the underlying scheme that are not offered by Schnorr/ECDSA (e.g. aggregatable signatures or post-quantum security).While the usage of generic cryptographic machinery makes our generic protocol impractical, we view it as an important feasibility result as it may serve as the basis for constructing optimized protocols for specific signature schemes. To substantiate this claim, we design a highly efficient PCN protocol for the special case of Boneh-Lynn-Shacham (BLS) signatures. BLS signatures enjoy many unique features that make it a viable candidate for a blockchain, e.g. short, unique, and aggregatable signatures. Yet, prior to our work, no PCN was known to be compatible with it (without requiring an advanced scripting language). The cost of our PCN is dominated by a handful of calls to the BLS algorithms. Our concrete evaluation of these basic operations shows that users with commodity hardware can process payments with minimal overhead.","PeriodicalId":6786,"journal":{"name":"2021 IEEE Symposium on Security and Privacy (SP)","volume":"65 1","pages":"937-954"},"PeriodicalIF":0.0000,"publicationDate":"2021-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP40001.2021.00065","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 18

Abstract

Payment Channel Networks (PCNs) have given a huge boost to the scalability of blockchain-based cryptocurrencies: Beyond improving the transaction rate, PCNs enabled cheap cross-currency payments and atomic swaps. However, current PCNs proposals either heavily rely on special scripting features of the underlying blockchain (e.g. Hash Time Lock Contracts) or are tailored to a handful of digital signature schemes, such as Schnorr or ECDSA signatures. This leaves us in an unsatisfactory situation where many currencies that are being actively developed and use different signature schemes cannot enjoy the benefits of a PCN.In this work, we investigate whether we can construct PCNs assuming the minimal ability of a blockchain to verify a digital signature, for any signature scheme. In answering this question in the affirmative, we introduce the notion of lockable signatures, which constitutes the cornerstone of our PCN protocols. Our approach is generic and the PCN protocol is compatible with any digital signature scheme, thus inheriting all favorable properties of the underlying scheme that are not offered by Schnorr/ECDSA (e.g. aggregatable signatures or post-quantum security).While the usage of generic cryptographic machinery makes our generic protocol impractical, we view it as an important feasibility result as it may serve as the basis for constructing optimized protocols for specific signature schemes. To substantiate this claim, we design a highly efficient PCN protocol for the special case of Boneh-Lynn-Shacham (BLS) signatures. BLS signatures enjoy many unique features that make it a viable candidate for a blockchain, e.g. short, unique, and aggregatable signatures. Yet, prior to our work, no PCN was known to be compatible with it (without requiring an advanced scripting language). The cost of our PCN is dominated by a handful of calls to the BLS algorithms. Our concrete evaluation of these basic operations shows that users with commodity hardware can process payments with minimal overhead.

查看原文本刊更多论文

区块链的可锁定签名:所有签名的无脚本脚本

支付通道网络(pcn)极大地推动了基于区块链的加密货币的可扩展性:除了提高交易率外，pcn还实现了廉价的跨货币支付和原子交换。然而，目前的pcn提案要么严重依赖底层区块链的特殊脚本功能(例如哈希时间锁合约)，要么针对少数数字签名方案进行定制，如Schnorr或ECDSA签名。这使我们处于一种令人不满意的情况，即许多正在积极开发并使用不同签名方案的货币无法享受PCN的好处。在这项工作中，我们研究了我们是否可以构建pcn，假设区块链具有最小的能力来验证任何签名方案的数字签名。为了肯定地回答这个问题，我们引入了可锁定签名的概念，它构成了我们的PCN协议的基石。我们的方法是通用的，PCN协议与任何数字签名方案兼容，从而继承了Schnorr/ECDSA没有提供的底层方案的所有有利属性(例如可聚合签名或后量子安全)。虽然通用密码机制的使用使我们的通用协议不切实际，但我们认为它是一个重要的可行性结果，因为它可以作为为特定签名方案构建优化协议的基础。为了证实这一说法，我们针对bonh - lynn - shacham (BLS)签名的特殊情况设计了一个高效的PCN协议。BLS签名具有许多独特的功能，使其成为区块链的可行候选，例如简短，唯一和可聚合的签名。然而，在我们的工作之前，没有PCN与它兼容(不需要高级脚本语言)。我们的PCN的成本主要是对BLS算法的几个调用。我们对这些基本操作的具体评估表明，使用商品硬件的用户可以以最小的开销处理支付。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 IEEE Symposium on Security and Privacy (SP)

自引率

0.00%

发文量