A Provably-Unforgeable Threshold EdDSA with an Offline Recovery Party
This work addresses secure distributed signing for cryptographic applications, offering a novel protocol with offline recovery, but it is incremental as it builds on existing threshold ECDSA methods.
The paper tackles the problem of creating a threshold signature scheme for EdDSA that allows an offline participant during key generation without a trusted third party, achieving provable security against adaptive malicious adversaries and demonstrating unforgeability through a reduction to the centralized EdDSA scheme.
A $(t,n)$-threshold signature scheme enables distributed signing among $n$ players such that any subset of size at least $t$ can sign, whereas any subset with fewer players cannot. The goal is to produce threshold digital signatures that are compatible with an existing centralized signature scheme. Starting from the threshold scheme for the ECDSA signature due to Battagliola et al., we present the first protocol that supports EdDSA multi-party signatures with an offline participant during the key-generation phase, without relying on a trusted third party. Under standard assumptions we prove our scheme secure against adaptive malicious adversaries. Furthermore we show how our security notion can be strengthen when considering a rushing adversary. We discuss the resiliency of the recovery in the presence of a malicious party. Using a classical game-based argument, we prove that if there is an adversary capable of forging the scheme with non-negligible probability, then we can build a forger for the centralized EdDSA scheme with non-negligible probability.