How to construct efficient on‐line/off‐line threshold signature schemes through the simulation approach

Abstract

AbstractAn on‐line/off‐line threshold signature (𝒪𝒯𝒮) scheme is a distributed cryptosystem in which a group of players jointly generate a signature for a message and use the on‐line/off‐line technique to improve the efficiency of signing. An 𝒪𝒯𝒮 scheme can be applied to large‐scaled distributed data storage systems and can highly improve the efficiency of writing files. There are two approaches to construct an ordinary threshold signature scheme: the direct approach and the simulation approach. Owing to its simplicity, people tend to use the simulation approach, in which the security of a threshold signature scheme is reduced to the security of its underlying (and simpler) signature scheme. The security proof in this approach is based on a theorem that guarantees the validity of the security reduction—we call this theorem the simulation theorem. However, the simulation theorem (and thus the simulation approach) for an ordinary threshold signature scheme cannot be applied to the on‐line/off‐line cases, because partial signature exposure problems might occur in these cases. This paper presents a simulation theorem for the on‐line/off‐line cases, where the security of an 𝒪𝒯𝒮 scheme is reduced to the security of a so‐called divisible on‐line/off‐line signature scheme. This provides a theoretical basis for constructing an 𝒪𝒯𝒮 scheme through the simulation approach. Furthermore, through this approach, we present a concrete 𝒪𝒯𝒮 scheme, which is efficient and its security proof is simple. Copyright © 2009 John Wiley & Sons, Ltd.