{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T11:02:52Z","timestamp":1777806172288,"version":"3.51.4"},"reference-count":37,"publisher":"SAGE Publications","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCS"],"published-print":{"date-parts":[[2022,1,20]]},"abstract":"<jats:p>ECDSA is a widely adopted digital signature standard. A number of threshold protocols for ECDSA have been developed that let a set of parties jointly generate the secret signing key and compute signatures, without ever revealing the signing key. Threshold protocols for ECDSA have seen recent interest, in particular due to the need for additional security in cryptocurrency wallets where leakage of the signing key is equivalent to an immediate loss of money. We propose a threshold ECDSA protocol secure against an active adversary in the honest majority model with abort. Our protocol is efficient in terms of both computation and bandwidth usage, and it allows the parties to pre-process parts of the signature, such that once the message to sign becomes known, they can compute a secret sharing of the signature very efficiently, using only local operations. We also show how to obtain guaranteed output delivery (and hence also fairness) in the online phase at the cost of some additional pre-processing work, i.e., such that it either aborts during the pre-processing phase, in which case nothing is revealed, or the signature is guaranteed to be delivered to all honest parties online.<\/jats:p>","DOI":"10.3233\/jcs-200112","type":"journal-article","created":{"date-parts":[[2021,11,5]],"date-time":"2021-11-05T14:56:12Z","timestamp":1636124172000},"page":"167-196","source":"Crossref","is-referenced-by-count":16,"title":["Fast threshold ECDSA with honest majority1"],"prefix":"10.1177","volume":"30","author":[{"given":"Ivan","family":"Damg\u00e5rd","sequence":"first","affiliation":[{"name":"Department of Computer Science, Aarhus University, Aarhus, Denmark. E-mails:\u00a0ivan@cs.au.dk,\u00a0jbn@cs.au.dk"}]},{"given":"Thomas P.","family":"Jakobsen","sequence":"additional","affiliation":[{"name":"Sepior, Aarhus, Denmark. E-mails:\u00a0tpj@sepior.com,\u00a0jip@sepior.com,\u00a0mbo@sepior.com"}]},{"given":"Jesper Buus","family":"Nielsen","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Aarhus University, Aarhus, Denmark. E-mails:\u00a0ivan@cs.au.dk,\u00a0jbn@cs.au.dk"}]},{"given":"Jakob Illeborg","family":"Pagter","sequence":"additional","affiliation":[{"name":"Sepior, Aarhus, Denmark. E-mails:\u00a0tpj@sepior.com,\u00a0jip@sepior.com,\u00a0mbo@sepior.com"}]},{"given":"Michael B\u00e6ksvang","family":"\u00d8stergaard","sequence":"additional","affiliation":[{"name":"Sepior, Aarhus, Denmark. E-mails:\u00a0tpj@sepior.com,\u00a0jip@sepior.com,\u00a0mbo@sepior.com"}]}],"member":"179","reference":[{"key":"10.3233\/JCS-200112_ref2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78524-8_13"},{"key":"10.3233\/JCS-200112_ref3","doi-asserted-by":"publisher","DOI":"10.1145\/62212.62213"},{"key":"10.3233\/JCS-200112_ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354255"},{"issue":"1","key":"10.3233\/JCS-200112_ref6","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1007\/s10623-003-6154-z","article-title":"Generic groups, collision resistance, and ECDSA","volume":"35","author":"Brown","year":"2005","journal-title":"Des. Codes Cryptography"},{"key":"10.3233\/JCS-200112_ref7","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44647-8_2"},{"key":"10.3233\/JCS-200112_ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423367"},{"key":"10.3233\/JCS-200112_ref9","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-26954-8_7"},{"key":"10.3233\/JCS-200112_ref10","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-45388-6_10"},{"key":"10.3233\/JCS-200112_ref11","doi-asserted-by":"publisher","DOI":"10.1145\/62212.62214"},{"key":"10.3233\/JCS-200112_ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-96878-0_2"},{"key":"10.3233\/JCS-200112_ref13","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30576-7_19"},{"key":"10.3233\/JCS-200112_ref14","unstructured":"A.P.K.\u00a0Dalskov, M.\u00a0Keller, C.\u00a0Orlandi, K.\u00a0Shrishak and H.\u00a0Shulman, Securing DNSSEC keys via threshold ECDSA from generic MPC, IACR Cryptology ePrint Archive 2019 (2019), 889, https:\/\/eprint.iacr.org\/2019\/889."},{"key":"10.3233\/JCS-200112_ref15","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48184-2_8"},{"key":"10.3233\/JCS-200112_ref16","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-34805-0_28"},{"key":"10.3233\/JCS-200112_ref17","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00036"},{"key":"10.3233\/JCS-200112_ref18","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00024"},{"key":"10.3233\/JCS-200112_ref19","unstructured":"A.\u00a0Gagol, J.\u00a0Kula, D.\u00a0Straszak and M.\u00a0Swietek, IACR cryptol. ePrint arch., Threshold ECDSA for Decentralized Asset Custody 2020 (2020), 498. https:\/\/eprint.iacr.org\/2020\/498."},{"key":"10.3233\/JCS-200112_ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243859"},{"key":"10.3233\/JCS-200112_ref21","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-39555-5_9"},{"key":"10.3233\/JCS-200112_ref22","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-68339-9_31"},{"key":"10.3233\/JCS-200112_ref23","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48910-X_21"},{"issue":"1","key":"10.3233\/JCS-200112_ref24","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1006\/inco.2000.2881","article-title":"Robust threshold DSS signatures","volume":"164","author":"Gennaro","year":"2001","journal-title":"Inf. Comput."},{"key":"10.3233\/JCS-200112_ref25","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48405-1_8"},{"key":"10.3233\/JCS-200112_ref26","doi-asserted-by":"publisher","DOI":"10.1145\/28395.28420"},{"issue":"1","key":"10.3233\/JCS-200112_ref27","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/s102070100002","article-title":"The elliptic curve digital signature algorithm (ECDSA)","volume":"1","author":"Johnson","year":"2001","journal-title":"Int. J. Inf. Sec."},{"key":"10.3233\/JCS-200112_ref28","doi-asserted-by":"crossref","unstructured":"J.\u00a0Katz and Y.\u00a0Lindell, Introduction to Modern Cryptography, 2nd edn, CRC Press, 2014. ISBN 9781466570269.","DOI":"10.1201\/b17668"},{"key":"10.3233\/JCS-200112_ref29","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978357"},{"key":"10.3233\/JCS-200112_ref31","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-63715-0_21"},{"key":"10.3233\/JCS-200112_ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243788"},{"key":"10.3233\/JCS-200112_ref33","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44647-8_8"},{"key":"10.3233\/JCS-200112_ref34","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48910-X_16"},{"key":"10.3233\/JCS-200112_ref35","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-46766-1_9"},{"issue":"11","key":"10.3233\/JCS-200112_ref37","doi-asserted-by":"publisher","first-page":"612","DOI":"10.1145\/359168.359176","article-title":"How to share a secret","volume":"22","author":"Shamir","year":"1979","journal-title":"Commun. ACM"},{"key":"10.3233\/JCS-200112_ref38","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45539-6_15"},{"key":"10.3233\/JCS-200112_ref39","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-35199-1_17"},{"key":"10.3233\/JCS-200112_ref40","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-47719-5_33"},{"key":"10.3233\/JCS-200112_ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SFCS.1986.25"}],"container-title":["Journal of Computer Security"],"original-title":[],"link":[{"URL":"https:\/\/content.iospress.com\/download?id=10.3233\/JCS-200112","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:45:34Z","timestamp":1777495534000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.medra.org\/servlet\/aliasResolver?alias=iospress&doi=10.3233\/JCS-200112"}},"subtitle":[],"editor":[{"given":"Clemente","family":"Galdi","sequence":"additional","affiliation":[]},{"given":"Vladimir","family":"Kolesnikov","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2022,1,20]]},"references-count":37,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.3233\/jcs-200112","relation":{},"ISSN":["1875-8924","0926-227X"],"issn-type":[{"value":"1875-8924","type":"electronic"},{"value":"0926-227X","type":"print"}],"subject":[],"published":{"date-parts":[[2022,1,20]]}}}