An Efficient Two-Party ECDSA Scheme for Cryptocurrencies

Threshold signatures have emerged as a promising solution to secure cryptocurrencies. While some signature algorithms like Schnorr, BLS, EdDSA are threshold-friendly, the structure of ECDSA makes it challenging to construct such schemes. As such the known threshold ECDSA schemes use complex zero-knowledge proofs. However, these impact their performance negatively. Further, these schemes have attempted to achieve efficiency in signature computation part while accepting complexity in the key generation. To be more specific, in the known 2-of-2 schemes the two parties need to perform key generation together to be able to run signature computation. In this work, we propose an efficient two-party ECDSA protocol that enables two parties to "aggregate" their ECDSA signature (on a single message) without participating in any kind of key generation process. Our protocol is based on additive sharing of (ECDSA) private keys and homomorphic properties of Paillier encryption. All the zero-knowledge proof we use are non-interactive. As a result, our key generation is 7x faster than state-of-the-art. In terms of overall time complexity, our scheme is comparable with state of the art 2-of-2 ECDSA scheme.