Stateless Deterministic Multi-party EdDSA Signatures with Low Communication

Qi Feng; Kang Yang; Kaiyi Zhang; Xiao Wang; Yu Yu; Xiang Xie

doi:10.1007/978-3-031-91832-2_9

Stateless Deterministic Multi-party EdDSA Signatures with Low Communication

Qi Feng, Kang Yang, Kaiyi Zhang, Xiao Wang, Yu Yu, Xiang Xie

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

EdDSA is a standardized signing algorithm, by both the IRTF and NIST, that is widely used in blockchain, e.g., Hyperledger, Cardano, Zcash, etc. It is a variant of the well-known Schnorr signature scheme that leverages Edwards curves. It features stateless and deter-ministic nonce generation, meaning it does not rely on a reliable source of randomness or state continuity. Recently, NIST issued a call for multi-party threshold EdDSA signatures, with one approach verifying nonce generation through zero-knowledge (ZK) proofs. In this paper, we propose a new stateless and deterministic multi-party EdDSA protocol in the full-threshold setting, capable of tolerat-ing all-but-one malicious corruption. Compared to the state-of-the-art multi-party EdDSA protocol by Garillot et al. (Crypto’21), our proto-col reduces communication cost by a factor of 56\times 56× while maintaining the same three-round structure, albeit with a roughly 2.25\times 2.25× increase in com-putational cost. We utilize information-theoretic message authentication codes (IT-MACs) in a multi-verifier setting to authenticate values and transform them from the Boolean domain to the arithmetic domain by refining multi-verifier extended doubly-authenticated bits (mv-edaBits). Additionally, we employ pseudorandom correlation functions (PCF)to generate IT-MACs in a stateless and deterministic manner. Combining these elements, we design a multi-verifier zero-knowledge (MVZK) proto-col for stateless and deterministic nonce generation. Our protocol can be used to build secure blockchain wallets and custody solutions, enhancing key protection.

Original language	English
Title of host publication	Public-Key Cryptography – PKC 2025 - 28th IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings
Editors	Tibor Jager, Jiaxin Pan
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	268-297
Number of pages	30
ISBN (Print)	9783031918315
DOIs	https://doi.org/10.1007/978-3-031-91832-2_9
State	Published - 2025
Externally published	Yes
Event	28th IACR International Conference on Practice and Theory of Public Key Cryptography, PKC 2025 - Røros, Norway Duration: 12 May 2025 → 15 May 2025

Publication series

Name	Lecture Notes in Computer Science
Volume	15678 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	28th IACR International Conference on Practice and Theory of Public Key Cryptography, PKC 2025
Country/Territory	Norway
City	Røros
Period	12/05/25 → 15/05/25

Keywords

Key Protection
Multi-Party EdDSA Signing
Multi-Verifier Zero-Knowledge Proof
Threshold Signature

Access to Document

10.1007/978-3-031-91832-2_9

Cite this

Feng, Q., Yang, K., Zhang, K., Wang, X., Yu, Y., & Xie, X. (2025). Stateless Deterministic Multi-party EdDSA Signatures with Low Communication. In T. Jager, & J. Pan (Eds.), Public-Key Cryptography – PKC 2025 - 28th IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings (pp. 268-297). (Lecture Notes in Computer Science; Vol. 15678 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-91832-2_9

Feng, Qi ; Yang, Kang ; Zhang, Kaiyi et al. / Stateless Deterministic Multi-party EdDSA Signatures with Low Communication. Public-Key Cryptography – PKC 2025 - 28th IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings. editor / Tibor Jager ; Jiaxin Pan. Springer Science and Business Media Deutschland GmbH, 2025. pp. 268-297 (Lecture Notes in Computer Science).

@inproceedings{50487d18d0cc4c3b8634c4f30a5c1115,

title = "Stateless Deterministic Multi-party EdDSA Signatures with Low Communication",

abstract = "EdDSA is a standardized signing algorithm, by both the IRTF and NIST, that is widely used in blockchain, e.g., Hyperledger, Cardano, Zcash, etc. It is a variant of the well-known Schnorr signature scheme that leverages Edwards curves. It features stateless and deter-ministic nonce generation, meaning it does not rely on a reliable source of randomness or state continuity. Recently, NIST issued a call for multi-party threshold EdDSA signatures, with one approach verifying nonce generation through zero-knowledge (ZK) proofs. In this paper, we propose a new stateless and deterministic multi-party EdDSA protocol in the full-threshold setting, capable of tolerat-ing all-but-one malicious corruption. Compared to the state-of-the-art multi-party EdDSA protocol by Garillot et al. (Crypto{\textquoteright}21), our proto-col reduces communication cost by a factor of 56\textbackslash{}times 56× while maintaining the same three-round structure, albeit with a roughly 2.25\textbackslash{}times 2.25× increase in com-putational cost. We utilize information-theoretic message authentication codes (IT-MACs) in a multi-verifier setting to authenticate values and transform them from the Boolean domain to the arithmetic domain by refining multi-verifier extended doubly-authenticated bits (mv-edaBits). Additionally, we employ pseudorandom correlation functions (PCF)to generate IT-MACs in a stateless and deterministic manner. Combining these elements, we design a multi-verifier zero-knowledge (MVZK) proto-col for stateless and deterministic nonce generation. Our protocol can be used to build secure blockchain wallets and custody solutions, enhancing key protection.",

keywords = "Key Protection, Multi-Party EdDSA Signing, Multi-Verifier Zero-Knowledge Proof, Threshold Signature",

author = "Qi Feng and Kang Yang and Kaiyi Zhang and Xiao Wang and Yu Yu and Xiang Xie",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2025.; 28th IACR International Conference on Practice and Theory of Public Key Cryptography, PKC 2025 ; Conference date: 12-05-2025 Through 15-05-2025",

year = "2025",

doi = "10.1007/978-3-031-91832-2\_9",

language = "英语",

isbn = "9783031918315",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "268--297",

editor = "Tibor Jager and Jiaxin Pan",

booktitle = "Public-Key Cryptography – PKC 2025 - 28th IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings",

address = "德国",

}

Feng, Q, Yang, K, Zhang, K, Wang, X, Yu, Y & Xie, X 2025, Stateless Deterministic Multi-party EdDSA Signatures with Low Communication. in T Jager & J Pan (eds), Public-Key Cryptography – PKC 2025 - 28th IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings. Lecture Notes in Computer Science, vol. 15678 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 268-297, 28th IACR International Conference on Practice and Theory of Public Key Cryptography, PKC 2025, Røros, Norway, 12/05/25. https://doi.org/10.1007/978-3-031-91832-2_9

Stateless Deterministic Multi-party EdDSA Signatures with Low Communication. / Feng, Qi; Yang, Kang; Zhang, Kaiyi et al.
Public-Key Cryptography – PKC 2025 - 28th IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings. ed. / Tibor Jager; Jiaxin Pan. Springer Science and Business Media Deutschland GmbH, 2025. p. 268-297 (Lecture Notes in Computer Science; Vol. 15678 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Stateless Deterministic Multi-party EdDSA Signatures with Low Communication

AU - Feng, Qi

AU - Yang, Kang

AU - Zhang, Kaiyi

AU - Wang, Xiao

AU - Yu, Yu

AU - Xie, Xiang

N1 - Publisher Copyright: © International Association for Cryptologic Research 2025.

PY - 2025

Y1 - 2025

N2 - EdDSA is a standardized signing algorithm, by both the IRTF and NIST, that is widely used in blockchain, e.g., Hyperledger, Cardano, Zcash, etc. It is a variant of the well-known Schnorr signature scheme that leverages Edwards curves. It features stateless and deter-ministic nonce generation, meaning it does not rely on a reliable source of randomness or state continuity. Recently, NIST issued a call for multi-party threshold EdDSA signatures, with one approach verifying nonce generation through zero-knowledge (ZK) proofs. In this paper, we propose a new stateless and deterministic multi-party EdDSA protocol in the full-threshold setting, capable of tolerat-ing all-but-one malicious corruption. Compared to the state-of-the-art multi-party EdDSA protocol by Garillot et al. (Crypto’21), our proto-col reduces communication cost by a factor of 56\times 56× while maintaining the same three-round structure, albeit with a roughly 2.25\times 2.25× increase in com-putational cost. We utilize information-theoretic message authentication codes (IT-MACs) in a multi-verifier setting to authenticate values and transform them from the Boolean domain to the arithmetic domain by refining multi-verifier extended doubly-authenticated bits (mv-edaBits). Additionally, we employ pseudorandom correlation functions (PCF)to generate IT-MACs in a stateless and deterministic manner. Combining these elements, we design a multi-verifier zero-knowledge (MVZK) proto-col for stateless and deterministic nonce generation. Our protocol can be used to build secure blockchain wallets and custody solutions, enhancing key protection.

AB - EdDSA is a standardized signing algorithm, by both the IRTF and NIST, that is widely used in blockchain, e.g., Hyperledger, Cardano, Zcash, etc. It is a variant of the well-known Schnorr signature scheme that leverages Edwards curves. It features stateless and deter-ministic nonce generation, meaning it does not rely on a reliable source of randomness or state continuity. Recently, NIST issued a call for multi-party threshold EdDSA signatures, with one approach verifying nonce generation through zero-knowledge (ZK) proofs. In this paper, we propose a new stateless and deterministic multi-party EdDSA protocol in the full-threshold setting, capable of tolerat-ing all-but-one malicious corruption. Compared to the state-of-the-art multi-party EdDSA protocol by Garillot et al. (Crypto’21), our proto-col reduces communication cost by a factor of 56\times 56× while maintaining the same three-round structure, albeit with a roughly 2.25\times 2.25× increase in com-putational cost. We utilize information-theoretic message authentication codes (IT-MACs) in a multi-verifier setting to authenticate values and transform them from the Boolean domain to the arithmetic domain by refining multi-verifier extended doubly-authenticated bits (mv-edaBits). Additionally, we employ pseudorandom correlation functions (PCF)to generate IT-MACs in a stateless and deterministic manner. Combining these elements, we design a multi-verifier zero-knowledge (MVZK) proto-col for stateless and deterministic nonce generation. Our protocol can be used to build secure blockchain wallets and custody solutions, enhancing key protection.

KW - Key Protection

KW - Multi-Party EdDSA Signing

KW - Multi-Verifier Zero-Knowledge Proof

KW - Threshold Signature

UR - https://www.scopus.com/pages/publications/105005933870

U2 - 10.1007/978-3-031-91832-2_9

DO - 10.1007/978-3-031-91832-2_9

M3 - 会议稿件

AN - SCOPUS:105005933870

SN - 9783031918315

T3 - Lecture Notes in Computer Science

SP - 268

EP - 297

BT - Public-Key Cryptography – PKC 2025 - 28th IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings

A2 - Jager, Tibor

A2 - Pan, Jiaxin

PB - Springer Science and Business Media Deutschland GmbH

T2 - 28th IACR International Conference on Practice and Theory of Public Key Cryptography, PKC 2025

Y2 - 12 May 2025 through 15 May 2025

ER -

Feng Q, Yang K, Zhang K, Wang X, Yu Y, Xie X. Stateless Deterministic Multi-party EdDSA Signatures with Low Communication. In Jager T, Pan J, editors, Public-Key Cryptography – PKC 2025 - 28th IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 268-297. (Lecture Notes in Computer Science). doi: 10.1007/978-3-031-91832-2_9

Stateless Deterministic Multi-party EdDSA Signatures with Low Communication

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this