Single-use delegatable signatures allow a delegatee to give the signing right in a restrictive way to a third party. This cryptographic primitive finds applications in the design of blank checks and can even delegate access rights in web authentication. Unfortunately, known constructions work only with non-standard signature schemes and require non-existing secure hardware, making them impractical.In this paper, we construct single-use delegatable ECDSA signatures based on commodity smartphones with hardware-backed keystores. We show how to apply our construction to the web authentication use case. In particular, we show how to delegate FIDO credentials to third parties while not introducing new assumptions to the setting besides the delegate’s trust in the security of the keystore. As an independent application, we discuss the use of our construction as a way to implement blind checks in ECDSA-based cryptocurrencies.
History
Primary Research Area
Algorithmic Foundations and Cryptography
Name of Conference
ACM ASIA Conference on Computer and Communications Security (AsiaCCS)
Journal
Proceedings of the 19th ACM Asia Conference on Computer and Communications Security
Page Range
1801–1813-1801–1813
Publisher
Association for Computing Machinery
BibTeX
@conference{Zhu:Hanzlik:Valta:2024,
title = "Delegating FIDO Credentials Using Single-use ECDSA Signatures",
author = "Zhu, Yeoh Wei" AND "Hanzlik, Lucjan" AND "Valta, Oliver",
year = 2024,
month = 7,
journal = "Proceedings of the 19th ACM Asia Conference on Computer and Communications Security",
pages = "1801–1813--1801–1813",
publisher = "Association for Computing Machinery",
doi = "10.1145/3634737.3657004"
}