Please review proxy re-signature on Elliptic Curve

user212942

2/15/24, 4:36 AM

I want to implement proxy re-signature on elliptic curve.

I've been thinking about ideas like the one below, but are there any problems?

Key Generate:

$a = $ alice's secret key
$aG$ = alice's public key
$b = $ bob's secret key
$bG = $bob's secret key
$rk_{ab} = aP * b^{-1} = a/bG$

First Sign:

$Pm$ is hashed point
$k = $ random
$r = ka^{-1}$
$z = e(G, G)$
$s = z^kPm$

Resign:

$r' = rk_{ab} * r = a/bP * ka^{-1} = k*1/b*G$
$s' = s$

Verification:

$t = e(bG, r) = e(G, G)^k = z^k$
Check $tPm == s'$

0 + 2

elliptic-curves

bls-signature

DannyNiu

2/16/24, 5:16 AM

Reviewing full scheme design is off-topic for this site. But you may break down specific components of the formula, and assumptions to make it on-topic. And the best way to get this started, I think, would be to annotate each step of your scheme with comments that explains what they achieves, both mathematically and security-wise/logically.

user212942

3/8/24, 3:30 AM

e(aG, r) = z^k, So Anyone can generate a new signature via z^k .

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Please review proxy re-signature on Elliptic Curve

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.