In this thesis, I investigated a known security vulnerability of the A2L+ coin-mixing protocol, proposed an improved construction, and proved the security of the adapted protocol in the game-based setting.
Coin-mixing services allow anonymous blockchain transactions by unlinking the sender and receiver. In a quest to remove trust from the mixing service and improve interoperability and efficiency, Tairi et al. [TMM21] proposed the coin-mixing protocol A2L based on atomic asynchronous locks. Glaeser et al. [GMM+22] revised the A2L protocol and introduced the notion of blind conditional signatures (BCS) as the cryptographic core for coin-mixing services, alongside their security definitions. They further gave an improved construction for a secure BCS protocol called A2L+. In their recent work on adaptor signatures, Gerhart et al. [GSST24] exposed a security gap in the A2L+ protocol that allows breaking unforgeability. In this work, we first revisit the current security definitions of BCS and pinpoint their weaknesses. Building on this analysis, we introduce the enhanced security property of selective-failure blindness and present a provably secure construction in the game-based setting. Our main contributions in detail are:
Security properties: We review the current security properties of blind conditional signatures according to Glaeser et al. [GMM+22] in detail and highlight gaps: the definitions rest on system assumptions that do not always hold, which renders the scheme insecure in various settings. We propose the strictly stronger security notion of selective-failure blindness, based on the work of Fischlin et al. [FS09] that investigated blindness under aborts. Selective-failure blindness ensures that blindness holds even in case of adversarial aborts during the puzzle solver execution. This is an essential security property for blind signature schemes, as it prevents the information leakage that aborts could otherwise cause.
Secure Construction: As the attack by Gerhart et al. [GSST24] showed, the unforgeability property of the A2L+ construction by Glaeser et al. [GMM+22] can be broken, since the adaptor signature definitions by Aumayr et al. [AEE+21] allow a scheme with malleable pre-signatures. We give a revised construction that closes this security gap and protects the sender against collusion between the Hub and Bob. Finally, we prove the security of our revised protocol in the game-based setting.
You can take a look at the full thesis at the following link.
Special thanks to Paul Gerhart and Prof. Dr. Dominique Schröder for supervising this thesis.