PiTPM: Partially Interactive Signatures for Multi-Device TPM Operations
Yunusa Simpa Abdulsalam, Mustapha Hedabou
TL;DR
PiTPM addresses the coordination bottleneck in TPM-based multi-signatures by introducing a trusted Aggregator that uses pre-shared seeds to deterministically compute global commitments. This yields non-interactive signing with constant-size outputs and rogue-key protection, with EU-CMA security under the discrete logarithm assumption in the random oracle model. The framework extends to $(t,n)$ threshold signing via Shamir secret sharing and Feldman commitments, with formal robustness against Aggregator compromises and rogue-key attacks. Empirical evaluation shows significant efficiency gains over interactive schemes, enabling scalable cross-device TPM signing with strong security guarantees.
Abstract
Trusted Platform Module (TPM) 2.0 devices provide efficient hardware-based cryptographic security through tamper-resistant key storage and computation, making them ideal building blocks for multi-party signature schemes in distributed systems. However, existing TPM-based multi-signature constructions suffer from a fundamental limitation: they require interactive protocols in which all participants must coordinate during a commitment phase before any signature can be computed. This interactive requirement creates several critical problems: synchronization bottlenecks, quadratic communication complexity, and aborted protocols whenever a participant fails. These limitations become particularly acute for applications that require cross-device cryptographic operations. This paper presents PiTPM, an Aggregator framework built on Schnorr signatures. Our protocol eliminates the interactive requirement through a hybrid trust architecture: pre-shared randomness seeds, stored securely in an Aggregator, enable deterministic computation of the global commitment without any inter-participant communication. The resulting signatures are of constant size regardless of the number of signers. Our experimental results suggest a paradigm shift in TPM-based cryptographic system design, demonstrating that hybrid trust architectures can deliver significant performance improvements while maintaining rigorous security guarantees. We provide a comprehensive formal security analysis proving EU-CMA security under the discrete logarithm assumption in the random oracle model.
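The following toy is an added illustration by the editor of the mechanism the TL;DR and abstract describe; it is not PiTPM's construction and nothing in it should be read as the paper's actual algorithm. An Aggregator holds one pre-shared seed per signer, derives each signer's nonce commitment from that seed and a session id, and so computes the global commitment R with no commitment round; signers then return partial Schnorr signatures that sum to a constant-size (R, z). Everything beyond that sentence is assumed: the 12-bit Schnorr group (P, Q, G), the SHA-256 hash-to-scalar, the session-id-bound nonce derivation, and MuSig-style key coefficients standing in for the paper's unspecified rogue-key defence. The last function shows the failure mode a practitioner must guard against: reusing a session id for two messages reuses R and leaks the discrete log of the aggregate key.

```python
"""Toy aggregator-based Schnorr multi-signature with seed-derived nonces.

Editor's illustration, not PiTPM: models an Aggregator that holds pre-shared
seeds and derives the global commitment without a commitment round.
ASSUMED toy parameters throughout; never use this group for real keys.
"""
import hashlib

# ASSUMED toy Schnorr group: P = 2Q + 1 is a safe prime, G = 4 generates the order-Q subgroup.
P, Q, G = 4079, 2039, 4


def enc(x: int) -> bytes:
    """Fixed-width encoding of a group element or scalar for hashing."""
    return x.to_bytes(4, "big")


def h_int(tag: bytes, *parts: bytes) -> int:
    """Domain-separated, length-prefixed hash into Z_Q (random-oracle stand-in)."""
    h = hashlib.sha256(tag)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return int.from_bytes(h.digest(), "big") % Q


def key_coeffs(pks: list[int]) -> dict[int, int]:
    """MuSig-style coefficients a_i = H(L, pk_i), an ASSUMED rogue-key defence (not the paper's)."""
    L = b"".join(enc(pk) for pk in sorted(pks))
    return {pk: h_int(b"agg", L, enc(pk)) for pk in pks}


def aggregate_key(pks: list[int]) -> int:
    """X = prod pk_i^{a_i}; a verifier needs only X, never the signer count."""
    a = key_coeffs(pks)
    X = 1
    for pk in pks:
        X = X * pow(pk, a[pk], P) % P
    return X


def nonce(seed: bytes, sid: bytes) -> int:
    """Deterministic nonce r_i from the pre-shared seed and a session id (ASSUMED derivation)."""
    return h_int(b"nonce", seed, sid)


def challenge(X: int, R: int, msg: bytes) -> int:
    return h_int(b"sig", enc(X), enc(R), msg)


class Signer:
    """One TPM-like signer: holds sk_i and the seed it shares with the Aggregator."""

    def __init__(self, sk: int, seed: bytes) -> None:
        self.sk, self.seed = sk % Q, seed
        self.pk = pow(G, self.sk, P)

    def partial_sign(self, sid: bytes, msg: bytes, R: int, pks: list[int]) -> int:
        # Recompute a_i and c locally instead of trusting values pushed by the
        # Aggregator; the only outside input is the public commitment R.
        a_i = key_coeffs(pks)[self.pk]
        c = challenge(aggregate_key(pks), R, msg)
        return (nonce(self.seed, sid) + c * a_i * self.sk) % Q


class Aggregator:
    """Holds every signer's seed, so R = prod G^{r_i} needs no round trip.

    Caveat: whoever holds the seeds can derive every r_i, so in this toy the
    Aggregator is fully trusted; the paper's hybrid-trust model is not reproduced.
    """

    def __init__(self, seeds: dict[int, bytes]) -> None:  # pk -> seed
        self.seeds = seeds

    def global_commitment(self, sid: bytes) -> int:
        R = 1
        for seed in self.seeds.values():
            R = R * pow(G, nonce(seed, sid), P) % P
        return R

    def sign(self, sid: bytes, msg: bytes, signers: list[Signer]) -> tuple[int, int]:
        pks = list(self.seeds)
        R = self.global_commitment(sid)
        z = sum(s.partial_sign(sid, msg, R, pks) for s in signers) % Q
        return R, z  # one group element and one scalar, whatever n is


def verify(X: int, msg: bytes, sig: tuple[int, int]) -> bool:
    """Standard Schnorr check against the aggregate key: G^z == R * X^c."""
    R, z = sig
    return pow(G, z, P) == R * pow(X, challenge(X, R, msg), P) % P


def recover_aggregate_secret(X: int, msg1: bytes, sig1: tuple[int, int],
                             msg2: bytes, sig2: tuple[int, int]) -> int:
    """Failure mode: same sid for two messages reuses R, so z1 - z2 = (c1 - c2) * x."""
    (R1, z1), (R2, z2) = sig1, sig2
    if R1 != R2:
        raise ValueError("different commitments: no nonce reuse to exploit")
    c1, c2 = challenge(X, R1, msg1), challenge(X, R2, msg2)
    return (z1 - z2) * pow(c1 - c2, -1, Q) % Q  # x with G^x == X


if __name__ == "__main__":
    # Constructed sample: three signers enrolled with the Aggregator.
    signers = [Signer(123, b"seed-a"), Signer(456, b"seed-b"), Signer(789, b"seed-c")]
    agg = Aggregator({s.pk: s.seed for s in signers})
    X = aggregate_key([s.pk for s in signers])
    sig = agg.sign(b"session-1", b"attestation blob", signers)
    print("valid:", verify(X, b"attestation blob", sig))
    leaked = recover_aggregate_secret(X, b"attestation blob", sig, b"other blob",
                                      agg.sign(b"session-1", b"other blob", signers))
    print("session-id reuse leaks aggregate secret:", pow(G, leaked, P) == X)
```

The design choice worth noting is that the session id, not the Aggregator's bookkeeping, is what makes the seed-derived nonce single-use: the Aggregator never has to collect anything from the signers before publishing R, but every party must refuse to sign twice under one sid, exactly as a TPM-resident counter would enforce.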
