Experimental Analysis of the Recent Key Recovery Protocol with respect to Commitment Schemes.

Recently, Kim et al. proposed a key recovery protocol for (t, n)-threshold ECDSA schemes that enables a user who lost his secret share to recover with the aid of other t users among n users [1]. In their protocol, a commitment scheme was employed to commit to messages, but they provided implementation results of their protocol by employing the Feldman commitment scheme only. In this paper, we examine the efficiency of their protocol with respect to commitment schemes by implementing them. More precisely, we implement the protocol by employing hash-based and Pedersen commitment schemes each as well as the Feldman commitment scheme. Our experimental results show that the hash-based commitment scheme provides the most efficient protocol than other commitment schemes. For example, when t = 3 with 128-bit security, the protocol with the hash-based commitment requires 0.485 ms in total for all computations, while the protocols with Feldman and Pedersen commitment schemes take 7.713 ms and 15.228 ms in total, which improve by factors of about 15.90 and 31.40, respectively.