Fast Secure Two-Party ECDSA Signing

Research output: Contribution to journalArticlepeer-review

8 Scopus citations


ECDSA is a standard digital signature scheme that is widely used in TLS, Bitcoin and elsewhere. Unlike other schemes like RSA, Schnorr signatures and more, it is particularly hard to construct efficient threshold signature protocols for ECDSA (and DSA). As a result, the best-known protocols today for secure distributed ECDSA require running heavy zero-knowledge proofs and computing many large-modulus exponentiations for every signing operation. In this paper, we consider the specific case of two parties (and thus no honest majority) and construct a protocol that is approximately two orders of magnitude faster than the previous best. Concretely, our protocol achieves good performance, with a single signing operation for curve P-256 taking approximately 37 ms between two standard machine types in Azure (utilizing a single core only). Our protocol is proven secure for sequential composition under standard assumptions using a game-based definition. In addition, we prove security by simulation under a plausible yet non-standard assumption regarding Paillier. We show that partial concurrency (where if one execution aborts, then all need to abort) can also be achieved.

Original languageEnglish
Article number44
JournalJournal of Cryptology
Issue number4
StatePublished - Oct 2021

Bibliographical note

Publisher Copyright:
© 2021, International Association for Cryptologic Research.


I would like to thank Valery Osheter from Unbound Tech for the implementation of ECDSA protocol and for running the experiments, and Claudio Orlandi for pointing out some minor errors. I also thank Rosario Gennaro for pointing out that the oracle in Sect. 5.2 needs to be defined so that it halts the first time that it returns 0. Finally, I thank the Stanislaw Jarecki who as a referee contributed significantly to making the presentation much clearer and more accurate.

FundersFunder number
Unbound Tech


    • ECDSA
    • Protocols
    • Secure multiparty computation
    • Threshold signatures


    Dive into the research topics of 'Fast Secure Two-Party ECDSA Signing'. Together they form a unique fingerprint.

    Cite this