Adaptor signature,a new primitive that alleviates the scalability issue of blockchain to some extent,has been widely adopted in the off-chain payment channel and atomic swap.As an extension of standard digital signatu...Adaptor signature,a new primitive that alleviates the scalability issue of blockchain to some extent,has been widely adopted in the off-chain payment channel and atomic swap.As an extension of standard digital signature,adaptor signature can bind the release of a complete digital signature with the exchange of a secret value.Existing constructions of adaptor signatures are mainly based on Schnorr or ECDSA signature algorithms,which suffer low signing efficiency and long signature length.In this paper,to address these issues,we propose a new construction of adaptor signature using randomized EdDSA,which has Schnorr-like structure with higher signing efficiency and shorter signature length.We prove the required security properties,including unforgeability,witness extractability and pre-signature adaptability,of the new adaptor signature scheme in the random oracle model.We conduct a comparative analysis with an ECDSA-based adaptor signature scheme to demonstrate the effectiveness and feasibility of our new proposal.展开更多
基金supported by the National Key R&D Program of China(2022YFB2701500)the National Natural Science Foundation of China(62272385,62311540156)+2 种基金Shaanxi Distinguished Youth Project(2022JC-47)the Key Research and Development Program of Shaanxi(2021ZDLGY06-04)Major Program of Shandong Provincial Natural Science Foundation for the Fundamental Research(ZR2022ZD03).
文摘Adaptor signature,a new primitive that alleviates the scalability issue of blockchain to some extent,has been widely adopted in the off-chain payment channel and atomic swap.As an extension of standard digital signature,adaptor signature can bind the release of a complete digital signature with the exchange of a secret value.Existing constructions of adaptor signatures are mainly based on Schnorr or ECDSA signature algorithms,which suffer low signing efficiency and long signature length.In this paper,to address these issues,we propose a new construction of adaptor signature using randomized EdDSA,which has Schnorr-like structure with higher signing efficiency and shorter signature length.We prove the required security properties,including unforgeability,witness extractability and pre-signature adaptability,of the new adaptor signature scheme in the random oracle model.We conduct a comparative analysis with an ECDSA-based adaptor signature scheme to demonstrate the effectiveness and feasibility of our new proposal.
