Abstract

This paper proposes a novel lattice-based aggregate signature (LAS) scheme that brings post-quantum security to the Bitcoin system without sacrificing its transaction efficiency. Bitcoin currently employs the Elliptic Curve Digital Signature Algorithm (ECDSA), which is insecure against emerging quantum technology, so post-quantum signature schemes like the proposed LAS will become necessary in the near future. However, most post-quantum signature schemes have large signature sizes, which decrease Bitcoin’s efficiency, while our proposed scheme does not have this negative side effect. Our LAS scheme is based on CRYSTALS-Dilithium and a zero-knowledge Scalable Transparent Arguments of Knowledge (STARK) protocol. CRYSTALS-Dilithium is the most prominent algorithm chosen by the National Institute of Standards and Technology (NIST), yet it still has an adverse limitation: it would cause Bitcoin’s transaction efficiency to fall by 17 times due to its relatively large signature size. On the other hand, the proposed LAS scheme takes full advantage of signature aggregation using the STARK protocol and Dilithium’s easy and fast implementation, thus generating signatures with post-quantum security and small signature sizes, which are critical to transaction efficiency. Our proofs demonstrate the correctness, compactness, and post-quantum security of our construction in the quantum random oracle model, and our implementation showed that the proposed scheme would only decrease Bitcoin’s transaction efficiency by 3 times, a significant improvement over using Dilithium and other lattice-based aggregate signature schemes. Our proposed scheme has many advantages over the existing schemes and may become very valuable to Bitcoin.
