Single-use delegatable signatures allow a delegatee to give the signing right in a restrictive way to a third party. This cryptographic primitive finds applications in the design of blank checks and can even delegate access rights in web authentication. Unfortunately, known constructions work only with non-standard signature schemes and require non-existing secure hardware, making them impractical. In this paper, we construct single-use delegatable ECDSA signatures based on commodity smartphones with hardware-backed keystores. We show how to apply our construction to the web authentication use case. In particular, we show how to delegate FIDO credentials to third parties while not introducing new assumptions to the setting besides the delegate’s trust in the security of the keystore. As an independent application, we discuss the use of our construction as a way to implement blind checks in ECDSA-based cryptocurrencies.
ACM ASIA Conference on Computer and Communications Security (AsiaCCS)
2024-07-01
2024-12-03