Foundations of adaptor signatures for distributed ledger protocols

Abstract

The scalability and interoperability challenges in current cryptocurrencies have motivated the design of cryptographic protocols that enable efficient applications on top and across widely used cryptocurrencies such as Bitcoin or Ethereum. Examples of such protocols include (virtual) payment channels, atomic swaps, oracle-based contracts, deterministic wallets, and coin mixing services. Many of these protocols are built upon minimal core functionalities supported by a wide range of cryptocurrencies. Most prominently, adaptor signatures (AS) have emerged as a powerful tool for constructing blockchain protocols that are (mostly) agnostic to the specific logic of the underlying cryptocurrency. Even though AS-based protocols are built upon the same cryptographic principles, they in general are neither post-quantum secure nor there exists a modular way to reason about their security. Instead, all the works analyzing such protocols focus on reproving how adaptor signatures are used to cryptographically link transactions while considering highly simplified blockchain models that do not capture security-relevant aspects of transaction execution in blockchain-based consensus. In this thesis, we construct a post-quantum AS scheme that relies on standard cryptographic assumptions on isogenies, and we formally prove the security of our construction in (quantum) random oracle model. Then, we provide a composable treatment of AS within the Universal Composability (UC) framework to facilitate modularity of AS. Moreover, we present LedgerLocks, a framework for the secure design of AS-based blockchain applications in the presence of a realistic blockchain. LedgerLocks defines the concept of AS-locked transactions, transactions whose publication is bound to the knowledge of a cryptographic secret. We argue that AS-locked transactions are the common building block of AS-based blockchain protocols and we define GLedgerLocks, a realistic ledger model in the UC framework with built-in support for AS-locked transactions. As LedgerLocks abstracts from the cryptographic realization of AS-locked transactions, it allows protocol de- signers to focus on the blockchain-specific security considerations instead. Finally, we showcase the usage of LedgerLocks in modeling and proving security of AS-based blockchain protocols by presenting a payment channel con- struction and a privacy-preserving payment channel hub (PCH) construction built on top of it.