Security Lunch: Security of EdDSA signatures and half-aggregation of Schnorr's, Lera Nikolaenko; HashWires: Hyperefficient Credential-Based Range Proofs, Kevin Lewi

Security Lunch

Title 1: Security of EdDSA signatures and half-aggregation of Schnorr's
Speaker: Lera Nikolaenko
Title 2: HashWires: Hyperefficient Credential-Based Range Proofs
Speaker: Kevin Lewi
Date: April 7
Time: 12:00pm
Event link:

"Security of EdDSA signatures and half-aggregation of Schnorr's"
Speaker: Lera Nikolaenko

We have studied the security of EdDSA signatures and discovered discrepancies between the standards and the libraries, which may cause problems for consensus-driven applications that need to agree on the validity of signatures. We formulated the verification algorithm that satisfies the strongest notion of security, in the hope that it will inform the standardization bodies and the developers and help them implement the scheme in a unified way.

https://eprint.iacr.org/2020/1244.pdf (SSR'20)

We've also studied the non-interactive half-aggregation of Schnorr's signatures, which allows the space for storing signatures to be shrunk by a factor of 2. We formulate the notion of knowledge-of-signatures and study two different constructions: one with a lossy reduction and the best compression, the other with a tight reduction and worse compression.

"HashWires: Hyperefficient Credential-Based Range Proofs"
Speaker: Kevin Lewi

HashWires is a hash-based range proof protocol that is applicable in settings for which there is a trusted third party (typically a credential issuer) that can generate commitments. We refer to these as "credential-based" range proofs. HashWires improves upon hash chain solutions that are typically restricted to micropayments for small interval ranges, achieving an exponential speedup in proof generation and verification time. In terms of proof size, we also show that HashWires compares favorably against Bulletproofs for both 32- and 64-bit numeric values. Although credential-based range proofs are inherently less flexible than general range proofs, we provide a number of applications in which a credential issuer can leverage HashWires to provide range proofs for private values, without having to rely on heavyweight cryptographic tools and assumptions.

https://eprint.iacr.org/2021/297
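The first abstract above describes verifiers that disagree on which Ed25519 signatures are valid. As an added illustration (not code from the talk or the paper), the block below performs two of the cheap, library-independent encoding checks that RFC 8032 requires before the verification equation is even evaluated: that the scalar S is reduced modulo the group order L, and that the y-coordinate of R is a canonical field element. The constants P and L are the Ed25519 parameters from RFC 8032; the function and error-string names are this example's own, and it deliberately does not implement point decoding or the cofactored verification equation.

```python
# Added example: strict encoding checks an Ed25519 verifier should apply to a
# 64-byte signature (R || S) before running the verification equation.
# Constants are from RFC 8032; names below are chosen for this example.

P = 2**255 - 19                                       # Ed25519 field prime
L = 2**252 + 27742317777372353535851937790883648493  # order of the base-point subgroup

ERR_LENGTH = "signature is not 64 bytes"
ERR_S_RANGE = "S is not reduced modulo L (non-canonical, malleable)"
ERR_R_ENCODING = "R has a non-canonical y-coordinate encoding (y >= p)"


def strict_ed25519_signature_encoding(sig: bytes) -> list:
    """Return a list of encoding problems found in sig.

    An empty list means the signature passes the strict encoding checks
    of RFC 8032 section 5.1.7. This does not verify the signature.
    """
    if len(sig) != 64:
        return [ERR_LENGTH]
    r_bytes, s_bytes = sig[:32], sig[32:]
    problems = []

    # S is a little-endian integer that must satisfy 0 <= S < L. A verifier
    # that reduces S modulo L (or never checks the bound) also accepts S + L,
    # so one message would have two distinct byte-level valid signatures.
    s = int.from_bytes(s_bytes, "little")
    if s >= L:
        problems.append(ERR_S_RANGE)

    # R is a compressed point: bits 0..254 hold y, bit 255 holds the sign of x.
    # RFC 8032 rejects y >= p. A decoder that reduces y modulo p instead
    # accepts a second byte encoding of the same point.
    y = int.from_bytes(r_bytes, "little") & ((1 << 255) - 1)
    if y >= P:
        problems.append(ERR_R_ENCODING)

    return problems


if __name__ == "__main__":
    # Constructed inputs: an all-zero R with S = L - 1 (largest canonical S),
    # then the same signature with S bumped to exactly L.
    canonical = bytes(32) + (L - 1).to_bytes(32, "little")
    bumped = bytes(32) + L.to_bytes(32, "little")
    print("canonical:", strict_ed25519_signature_encoding(canonical))
    print("S = L    :", strict_ed25519_signature_encoding(bumped))
```

Both checks are integer comparisons on the raw bytes, so they can be applied uniformly in every component of a consensus system regardless of which signature library each one links against; a mismatch in these checks alone is enough for two honest nodes to disagree on a block.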

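The HashWires abstract contrasts its protocol with the hash-chain range proofs it improves on. As an added example (not code from the HashWires paper), the block below implements that classic hash-chain baseline for the credential-based setting: an issuer commits to the top of a chain, hands the holder the chain element corresponding to a private value v, and the holder later proves v >= t to anyone who knows the commitment. The class and function names, the SHA-256 choice, and the seed and values are this example's own.

```python
import hashlib

# Added example: the hash-chain credential-based range proof (lower bound v >= t)
# that HashWires is described as improving upon. Not the HashWires construction.


def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def hash_iter(x: bytes, n: int) -> bytes:
    """Apply H n times, i.e. compute H^n(x)."""
    for _ in range(n):
        x = H(x)
    return x


class Issuer:
    """Trusted party: commits to a chain and issues one credential per private value."""

    def __init__(self, seed: bytes, max_value: int):
        self.seed = seed
        self.N = max_value
        # Public commitment: the top of a chain of length N over the secret seed.
        self.commitment = hash_iter(seed, max_value)

    def issue_credential(self, v: int) -> bytes:
        """Credential for value v is the element N - v steps below the top.

        Only the issuer can compute it, since it requires the seed.
        """
        if not 0 <= v <= self.N:
            raise ValueError("value outside [0, N]")
        return hash_iter(self.seed, self.N - v)


def prove_at_least(credential: bytes, v: int, threshold: int) -> bytes:
    """Holder of a credential for v proves v >= threshold.

    Reveals H^(v - threshold)(credential) = H^(N - threshold)(seed); moving
    down the chain would require inverting H, so a holder cannot prove a
    threshold above its own value. Cost: v - threshold hash calls.
    """
    if threshold > v:
        raise ValueError("cannot prove a threshold above the credential's value")
    return hash_iter(credential, v - threshold)


def verify_at_least(commitment: bytes, proof: bytes, threshold: int) -> bool:
    """Hash the proof `threshold` more times and compare with the commitment.

    Cost: threshold hash calls, so verification is linear in the value range.
    """
    return hash_iter(proof, threshold) == commitment


def cost(v: int, threshold: int) -> tuple:
    """(prover hashes, verifier hashes) for one proof; both are O(N)."""
    return v - threshold, threshold


if __name__ == "__main__":
    # Constructed parameters: a 10-bit-ish range and a private value of 750.
    issuer = Issuer(b"constructed-seed-for-example", max_value=1000)
    cred = issuer.issue_credential(750)
    proof = prove_at_least(cred, 750, 700)
    print("v >= 700 verifies:", verify_at_least(issuer.commitment, proof, 700))
    print("prover/verifier hash calls:", cost(750, 700))
```

The linear cost is the point of the comparison in the abstract: for a 32-bit value the issuer, prover and verifier would each need up to 2^32 hash evaluations per proof, which is why plain hash chains are confined to small ranges such as micropayment counters, and why an exponential speedup matters.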
Date: 
Wednesday, April 7, 2021 - 12:00pm to 1:00pm