Distributed Key Generation (DKG) lets parties derive a common public key while keeping the signing key secret-shared. UC-secure DKG requires a verifiable-sharing enforcement layer -- classically satisfied via Verifiable Secret Sharing (VSS) and/or commitment-and-proof mechanisms -- for secrecy, uniqueness, and affine consistency. We target the Non-eXportable Key (NXK) setting enforced by hardware-backed key-isolation modules (e.g., TEEs, HSM-like APIs), formalized via an ideal KeyBox (keystore) functionality $\mathcal{F}_{KeyBox}$ that keeps shares non-exportable and permits only attested KeyBox-to-KeyBox sealing. With confidentiality delegated to the NXK boundary, the remaining challenge is enforcing transcript-defined affine consistency without exporting or resharing shares. State continuity rules out rewinding-based extraction, mandating straight-line techniques. We combine (i) KeyBox confidentiality; (ii) Unique Structure Verification (USV), a publicly verifiable certificate whose certified scalar never leaves the KeyBox yet whose public group element is transcript-derivable; and (iii) Fischlin-based UC-extractable NIZK arguments of knowledge in a gRO-CRP (global Random Oracle with Context-Restricted Programmability) model. We construct Star DKG (SDKG), a UC-secure scheme for multi-device threshold wallets where a designated service must co-sign but cannot sign alone, realizing a 1+1-out-of-$n$ star access structure (center plus any leaf) over roles (primary vs. recovery) with role-based device registration. In the $\mathcal{F}_{KeyBox}$-hybrid and gRO-CRP models, under DL and DDH assumptions with adaptive corruptions and secure erasures, SDKG UC-realizes a transcript-driven refinement of the standard UC-DKG functionality. Over a prime-order group of size $p$, SDKG incurs $\widetilde{O}(n\log p)$ communication overhead and $\widetilde{O}(n\log^{2.585}p)$ bit-operation cost.
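As an added illustration, not the SDKG construction or any code from the paper, the following toy realization shows the two structural points the abstract names: a 1+1-out-of-$n$ star access structure (center plus any leaf determines the key; the center alone or all leaves together do not) and affine consistency checked from public transcript data alone, without any share leaving its holder. It uses a constructed order-1019 subgroup of $\mathbb{Z}_{2039}^*$, a `KeyBox` stand-in that exposes only group elements, and one 2-of-2 additive sharing per center-leaf edge; the group parameters, the per-leaf center shares and all function names are assumptions of this example.

```python
# Added example: toy star access structure with a non-exportable KeyBox stand-in.
# This is NOT the paper's SDKG protocol; it only illustrates the access structure
# and a transcript-only affine-consistency check.
import secrets

# Constructed toy group: Q = 2P + 1 is a safe prime, G = 4 generates the order-P subgroup.
P = 1019          # prime subgroup order (stands in for the paper's p)
Q = 2 * P + 1     # 2039, prime
G = 4             # quadratic residue mod Q, hence of order P


class KeyBox:
    """Stand-in for the non-exportable KeyBox: it holds a scalar and never returns it.
    The only thing it exposes is the public group element g^s."""

    def __init__(self, scalar: int) -> None:
        self._s = scalar % P  # never read outside this class (assumed NXK boundary)

    def public(self) -> int:
        return pow(G, self._s, Q)


def star_share(x: int, n: int):
    """Split secret x over a center and n leaves as a star: for each leaf i the pair
    (center edge share, leaf share) is a 2-of-2 additive sharing x = c_i + s_i mod P.
    Any single leaf plus the center determines x; the center's c_i alone, or all s_i
    together, are uniformly random and independent of x."""
    center, leaves = {}, []
    for i in range(n):
        s_i = secrets.randbelow(P)
        leaves.append(KeyBox(s_i))
        center[i] = KeyBox((x - s_i) % P)
    return center, leaves


def transcript(center, leaves):
    """Public transcript: one (g^{c_i}, g^{s_i}) pair per leaf, nothing secret."""
    return [(center[i].public(), leaves[i].public()) for i in range(len(leaves))]


def check_affine_consistency(tr):
    """Every pair must combine to the same public key g^x = g^{c_i} * g^{s_i}.
    Returns (ok, pk); ok is False if any edge is inconsistent with the others."""
    pks = {(c * l) % Q for c, l in tr}
    if len(pks) != 1:
        return False, None
    return True, next(iter(pks))


def tamper_leaf(tr, i):
    """Constructed faulty transcript: leaf i publishes an element for a different scalar."""
    bad = list(tr)
    c, l = bad[i]
    bad[i] = (c, (l * G) % Q)
    return bad


if __name__ == "__main__":
    x = secrets.randbelow(P)
    center, leaves = star_share(x, 3)
    tr = transcript(center, leaves)
    ok, pk = check_affine_consistency(tr)
    print("consistent:", ok, "pk matches g^x:", pk == pow(G, x, Q))
    print("tampered transcript accepted:", check_affine_consistency(tamper_leaf(tr, 1))[0])
```

The verifier in `check_affine_consistency` only multiplies published group elements, so it models the abstract's requirement that consistency be transcript-derivable while the certified scalars stay inside their holders; a real deployment would additionally bind each published element to a proof of knowledge of its exponent, which this toy omits.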