Wu et al. proposed a two-pass two-party BBS+ signing protocol in their paper, reducing communication to 0.85KB (about 27% of prior work) while maintaining efficient computation, making it suitable for lightweight anonymous credential systems.
Notes
BBS+/BBS signatures are key for anonymous credentials and privacy-preserving authentication, with increasing standardization and deployment.
Existing threshold designs require at least three rounds and multi-kilobyte communication in two-party settings.
New protocol uses only two passes with 0.85KB per signature, about 27% of the most bandwidth-efficient prior work (S&P'25).
Competitive signing times (~62ms for one party, ~46ms for the other), efficient even for large message vectors (e.g., ℓ=500).
Full simulation-based security proof in the standard real-ideal paradigm ensures protocol security.
Naturally generalizable to 2-out-of-n threshold settings, enhancing flexibility and practical deployment appeal.
zkDaily (Zero-Knowledge Proofs)
Thu 03.26.2026
Q&A Deep Dive
What is a BBS+ signature and what is it used for?
BBS+ is a signature scheme supporting selective disclosure. It is widely used in anonymous credentials, allowing users to prove certain attributes without revealing all data.
Why do we need two-party BBS+ signatures?
A two-party scheme splits the secret key between two entities, such as a server and a device, avoiding single points of failure while remaining lightweight.
How does the scheme reduce communication while preserving security?
It optimizes protocol structure and compresses exchanged data to reduce communication, while using simulation-based security proofs in the standard model to ensure correctness and robustness.