Schnorr/EdDSA Signing
Implementing Schnorr/EdDSA in a Two-Party Method
The two-party protocol for Schnorr/EdDSA signing is designed for enhanced security in elliptic-curve cryptography. Here's how it functions:
Schnorr Signing Algorithm:
A random is chosen, and is computed.
The hash is calculated.
The signature component is computed.
The signature is output as a pair .
Two-Party Computation of Schnorr:
Key Generation: As in ECDSA, parties hold random and , with the public key .
Signature Process: Each party selects random and exchanges and . They then define and locally compute .
Final Signature Calculation:
calculates .
calculates .
The final signature is , satisfying the Schnorr equation.
EdDSA Key Generation Challenges:
In EdDSA, the key is derived by hashing it with SHA-512, and the result is split into two parts: one for the secret key and the other for a Pseudorandom Function (PRF).
For compatibility with EdDSA keys, a secure computation protocol for SHA-512 can be used.
However, for simplicity and security, is currently generated directly in MPC.
Considerations and Security Implications
Security in Two-Party Computation: The protocol ensures that neither party knows the full private key or the nonce , maintaining robust security.
Implementation Subtleties: While the core ideas are straightforward, careful implementation is required to ensure security and compatibility.
Last updated