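Blockchain Paper Quick Read (CCF-A Conferences) - SECURITY 2024: Compact and Efficient Forward-Secure Multi-Signatures for PoS Blockchains (with PPT slides)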

Conference: 33rd USENIX Security Symposium

CCF level: CCF A

Categories: network and information security

Year: 2024

Conference time: August 14-16, 2024, Philadelphia, PA, USA

Title:

Pixel+ and Pixel++: Compact and Efficient Forward-Secure Multi-Signatures for PoS Blockchain Consensus

Authors:

Abstract:

Multi-signature schemes have attracted considerable attention in recent years due to their popular applications in PoS blockchains. However, the use of general multi-signature schemes poses a critical threat to the security of PoS blockchains once signing keys get corrupted. That is, after an adversary obtains enough signing keys, it can break the immutable nature of PoS blockchains by forking the chain and modifying the history from some point in the past. Forward-secure multi-signature (FS-MS) schemes can overcome this issue by periodically updating signing keys. The only FS-MS construction currently available is Drijvers et al.'s Pixel, which builds on pairing groups and only achieves forward security at the time period level.

In this work, we present new FS-MS constructions that either are free from pairing or capture forward security at the individual message level (i.e., fine-grained forward security). Our first construction Pixel+ works for a maximum number of time periods T. Pixel+ signatures consist of only one group element, and can be verified using two exponentiations. It is the first FS-MS from RSA assumption, and has 3.5x and 22.8x faster signing and verification than Pixel, respectively. Our second FS-MS construction Pixel++ is a pairing-based one. It immediately revokes the signing key's capacity of re-signing the message after creating a signature on this message, rather than at the end of the current time period. Thus, it provides more practical forward security than Pixel. On the other hand, Pixel++ is almost as efficient as Pixel in terms of signing and verification. Both Pixel+ and Pixel++ allow for non-interactive aggregation of signatures from independent signers and are proven to be secure in the random oracle model. In addition, they also support the aggregation of public keys, significantly reducing the storage overhead on PoS blockchains.

We demonstrate how to integrate Pixel+ and Pixel++ into PoS blockchains. As a proof-of-concept, we provide implementations of Pixel+ and Pixel++, and conduct several representative experiments to show that Pixel+ and Pixel++ have good concrete efficiency and are practical.

PDF download link:
