Threshold Signature Scheme Research Articles

KORGAN: An Efficient PKI Architecture Based on PBFT Through Dynamic Threshold Signatures

AbstractDuring the past decade, several misbehaving certificate authorities (CAs) have issued fraudulent TLS certificates allowing man-in-the-middle (MITM) kinds of attacks that result in serious security incidents. In order to avoid such incidents, Yakubov et al. ((2018) A blockchain-based PKI management framework. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, Taipei, Taiwan, April, pp. 16. IEEE) recently proposed a new public key infrastructure (PKI) architecture where CAs issue, revoke and validate X.509 certificates on a public blockchain. However, in their proposal TLS clients are subject to MITM kinds of attacks, and certificate transparency is not fully provided. In this paper, we eliminate the issues of the Yakubov et al.’s scheme and propose a new PKI architecture based on permissioned blockchain with PBFT consensus mechanism where the consensus nodes utilize a dynamic threshold signature scheme to generate signed blocks. In this way, the trust to the intermediary entities can be completely eliminated during certificate validation. Our scheme enjoys the dynamic property of the threshold signature because TLS clients do not have to change the verification key even if the validator set is dynamic. We implement our proposal on private Ethereum network to demonstrate the experimental results. The results show that our proposal has negligible overhead during TLS handshake. The certificate validation duration is less than the duration in the conventional PKI and Yakubov et al.’s scheme.

Hierarchical Byzantine fault-tolerance protocol for permissioned blockchain systems

Emerging blockchain technology has introduced a new challenge to the distributed system research: Can Byzantine fault-tolerance protocols scale up to, for example, hundreds of nodes? In this work, we introduce HiBFT, a hierarchical Byzantine fault-tolerance protocol to address the problem. The core idea is to divide replicas into groups and exchange consensus messages among groups, thus avoiding the necessity of message broadcasting. The motivation for such approach bases on the hierarchical property of network architecture in permissioned block chains, our target deployments. HiBFT works very much in the same way as the classical Practical Byzantine Fault-Tolerance protocol. However, it replaces the concept of physical replica with a logical one that represents a replica group. As such, protocol message complexity can be reduced from $$O(N^2)$$ to $$O(s^2)$$ where N and s are the total number of replicas and the number of groups. Additionally, using threshold signature scheme for representing a logical group results in two important improvements: The cost of signature verification is significantly reduced at each replica; blocks can be secured more effectively in terms of signature size. Our protocol guarantees safety and liveness under partially synchronous assumption with a correctness proof. Our experiment results show that the protocol can scale up to hundred of nodes.

Threshold-directed signature scheme based on hybrid number theoretic problems

Directed signature is a type of function-based signature with the property that the signature only can be verified by a designated verifier and at certain times, the verifier should be able to convince anyone about the validity of the signature without revealing any secret information about the signature to the public. Taking into consideration the involvement of group decision making, some threshold directed signature schemes based on single number theoretic problems, such as integer factorization, discrete logarithm problem, and elliptic curve discrete logarithm problem, have been developed by cryptographers. Although the single-problem-based schemes are still invincible because there is still no cryptanalyst to find the solution to the problems, in the future, if the enemy or attacker manages to get the polynomial algorithm to solve the single problems, the schemes will no longer be practiced and applied. For such reason, in this paper, we propose a new threshold-directed signature scheme based on integer factorization and discrete logarithm problems. The advantage of our scheme is based on the assumption that it is very unlikely to solve two hard number theoretic problems simultaneously. We also show that our scheme is secured against some cryptographic attacks and also significantly efficient compared with threshold signature scheme based on single problem.

A Forward-secure Threshold Signature Scheme Based on Multiplicative Secret Sharing and Strong RSA Assumption

A new forward-secure threshold digital signature scheme which based on multiplicative secret sharing and strong RSA assumption is put forward in this paper. The scheme has the following property: It have the property of forward security, even if more than the threshold numbers of players are compromised, it is not possible to forge the signature which is related to the past. This property is achieved while keeping the public key fixed and updating the secret keys at regular intervals. Assuming that factoring is hard, we proved that this scheme is security in the random oracle model.

A Forward-secure Threshold Signature Scheme Based on Multiplicative Secret Sharing and Strong RSA Assumption

A Forward-secure Threshold Signature Scheme Based on Multiplicative Secret Sharing and Strong RSA Assumption

Born and raised distributively: Fully distributed non-interactive adaptively-secure threshold signatures with short shares

Threshold cryptography is a fundamental distributed computational paradigm for enhancing the availability and the security of cryptographic public-key schemes. It does it by dividing private keys into n shares handed out to distinct servers. In threshold signature schemes, a set of at least t+1≤n servers is needed to produce a valid digital signature. Availability is assured by the fact that any subset of t+1 servers can produce a signature when authorized. At the same time, the scheme should remain robust (in the fault tolerance sense) and unforgeable (cryptographically) against up to t corrupted servers; i.e., it adds quorum control to traditional cryptographic services and introduces redundancy. Originally, most practical threshold signatures have a number of demerits: They have been analyzed in a static corruption model (where the set of corrupted servers is fixed at the very beginning of the attack); they require interaction; they assume a trusted dealer in the key generation phase (so that the system is not fully distributed); or they suffer from certain overheads in terms of storage (large share sizes).In this paper, we construct practical fully distributed (the private key is born distributed), non-interactive schemes—where the servers can compute their partial signatures without communication with other servers—with adaptive security (i.e., the adversary corrupts servers dynamically based on its full view of the history of the system). Our schemes are very efficient in terms of computation, communication, and scalable storage (with private key shares of size O(1), where certain solutions incur O(n) storage costs at each server). Unlike other adaptively secure schemes, our schemes are erasure-free (reliable erasure is hard to assure and hard to administer properly in actual systems). To the best of our knowledge, such a fully distributed highly constrained scheme has been an open problem in the area. In particular, and of special interest, is the fact that Pedersen's traditional distributed key generation (DKG) protocol can be safely employed in the initial key generation phase when the system is born—although it is well-known not to ensure uniformly distributed public keys. An advantage of this is that this protocol only takes one round optimistically (in the absence of faulty player).

RPIDA: Recoverable Privacy-preserving Integrity-assured Data Aggregation Scheme for Wireless Sensor Networks

Threshold signature is very important in identity authentication and some other applications. In December 2010, Chinese Encryption Administration released the SM2 elliptic curve digital signature algorithm as the first standard of the digital signature algorithm in China. At present, the papers on the threshold signature scheme based on this algorithm are few. A SM2 elliptic curve threshold signature scheme without a trusted center is proposed according to the Joint-Shamir-RSS algorithm, the Joint-Shamir-ZSS algorithm, the sum or diff-SS algorithm, the Mul-SS algorithm, the Inv-SS algorithm and the PM-SS algorithm. The proposed scheme is analyzed from correctness, security and efficiency. The correctness analysis shows that the proposed scheme can realize the effective threshold signature. The security analysis shows that the proposed scheme can resist some kinds of common attacks. The efficiency analysis shows that if the same secret sharing algorithms are used to design the threshold signature schemes, the SM2 elliptic curve threshold signature scheme will be more efficient than the threshold signature scheme based on ECDSA.

Leveraging Certificate-less Public Key Cryptosystem for Node ID Assignment in Structured P2P Systems

The security of node ID assignment scheme is the foundation of solving security problems in structured P2P systems. However, existing researches on the node ID assignment mechanism present one or more following problems: (1) Schemes just only focused on individual attack, but did not comprehensively analyze the security requirements of node ID assignment mechanism. (2) Schemes needed complex certificate management or met key escrow problem. (3) Almost all existing schemes required a trusted center to act as the single signer of node IDs, but it is very hard to find an absolutely trusted node in structured P2P system. As a result, none of existing schemes can prevent the single signer from being compromised or launching active attack. This paper firstly designs a threshold signature scheme based on secret sharing and certificateless public key cryptosystem without paring (CL-PKC-without-P). Based on that, it proposes a node ID assignment protocol which eliminates the three problems listed above. Using secret sharing technology, this protocol is able to resist the active attacks launching by less than t signer, where t is the threshold value. The results of analysis and simulation show that this protocol is more secure, efficient and scalable.

A Signature Protocol Based on Specific Set

Based on the idea of privilege set, this paper proposes a threshold group signature scheme with multiple privilege sets. Only when the joint involvement of ordinary users under satisfied conditions and privileged users with multiple privilege sets can the valid proxy group signature be generated. Some members can’s forge signatures, which can help resist attacks. The threshold signature scheme has good features of privilege sets and threshold characteristics, unforgeability of signature and anonymity of verification and traceability of identity.

An Efficient Threshold Signature Scheme Resistible to Conspiracy Attack

The study presents a threshold signature scheme. While developing threshold cryptography, the concept of threshold signature can accomplish a tradeoff between efficiency in use and depe ndability of security. The presented threshold signature scheme can resist conspiracy attack by controlling the right of issuing group sign ature, and the performance of constructing group signature is also enhanced by simplifying keys.

One forward-secure signature scheme using bilinear maps and its applications

Forward-secure signatures are proposed to deal with the key exposure problem. Compared to regular signatures, forward-secure signatures have a special update algorithm that can evolve the new private key in each time period. Therefore, it can protect the security of signatures previous to the time period of key exposure. The efficiency is an important issue of forward-secure signatures. In this paper, we construct a new forward-secure signature scheme using bilinear maps. In this scheme, all performance parameters have complexities of log magnitude in terms of the total time periods. In addition, our scheme needs very few (only triple) pairing operations in the verifying algorithm, which is very important because the pairing operation is very time-consuming. This scheme is proved to be forward secure in the random oracle model assuming the CDH problem is hard. Finally, we give some applications of this scheme including constructing an intrusion-resilient signature scheme and constructing a forward-secure threshold signature scheme.

A Rational Threshold Signature Model and Protocol Based on Different Permissions

This paper develops a novel model and protocol used in some specific scenarios, in which the participants of multiple groups with different permissions can finish the signature together. We apply the secret sharing scheme based on difference equation to the private key distribution phase and secret reconstruction phrase of our threshold signature scheme. In addition, our scheme can achieve the signature success because of the punishment strategy of the repeated rational secret sharing. Besides, the bit commitment and verification method used to detect players’ cheating behavior acts as a contributing factor to prevent the internal fraud. Using bit commitments, verifiable parameters, and time sequences, this paper constructs a dynamic game model, which has the features of threshold signature management with different permissions, cheat proof, and forward security.

Efficient identity-based threshold signature scheme from bilinear pairings in standard model

We propose a new identity-based threshold signature (IBTHS) scheme from bilinear pairings enjoying the following advantages in efficiency, security and functionality. The round-complexity of the threshold signing protocol is optimal since each party pays no other communication cost except broadcasting one single message. The computational complexity of the threshold signing procedure is considerably low since there appears no other time-consuming pairing except two pairings for verifying each signature shares. The communication channel requirement of the threshold signing procedure is the lowest since the broadcast channel among signers is enough. It is provably secure with optimal resilience in the standard model. It is the private key associated with an identity rather than a private key of the private key generator (PKG) that is shared among signature generation servers.

Simulatable and secure certificate‐based threshold signature without pairings

ABSTRACTWe propose the notion and define the security model of a certificate‐based threshold signature. The model is a general model that allows both the master secret key and user secret keys to be determined and distributed to the corresponding participators. Furthermore, the model can be easily converted into an identity‐based (ID‐based) threshold signature model to solve the key escrow problem and can be converted into a certificateless threshold signature model. In addition, we propose a secure and efficient certificate‐based threshold signature scheme. Compared with previous ID‐based threshold signature and certificateless threshold signature, our scheme requires no computation of pairings and no trusted dealer. In addition, in our proposed scheme, unlike most schemes that require all members to jointly generate a certificate or a signature, it only requires t or more than t members to generate a certificate or a signature. Our proposed scheme can detect dishonest participants as well. Therefore, our scheme is more practical than existing schemes. We show that our scheme is existentially unforgeable against adaptive chosen message attacks under the discrete logarithm assumption. Copyright © 2013 John Wiley & Sons, Ltd.

Efficient threshold signature scheme in standard model

To improve the computational efficiency in the threshold signature scheme,the authors proposed a new threshold signature scheme based on bilinear pairing via combining Gennaro's(GENNARO R,JAREAKI S,KRAWCZYK H,et al.Secure distributed key generation for discrete-log based cryptosystem.Journal of Cryptology,2007,20(1): 51-83) distributed secret key generation solution and Gu's(GU K,JIA W J,JIANG C L.Efficient and secure identity-based signature scheme.Journal of Software,2011,22(6): 1350-1360) signature scheme in the standard model.There was no trusted dealer for secret key share distribution and each party could verify the validity of some important information,which guaranteed the proposed scheme can avoid the malicious private key generator attack and public key share replacing attack.The comparison results with two previous threshold signature schemes show that the proposed scheme needs less pairing computation and raises the computational efficiency.

A General Threshold Signature Scheme Based on Elliptic Curve

Based on Elliptic Curve cryptosystem, a threshold signature scheme characterized by (k,l) joint verification for (t,n) signature is put forward. After being signed by a signer company employing (t, n) threshold signature scheme, the informationmis transmitted to a particular verifier company, and then the signature is verified through the cooperation ofkones from the verifier company withlmembers, so as to realize a directional transmission between different companies. Finally, the application examples of the company encryption communication system, the generating polynomial of company private key and public key were given. The security of this scheme is based on Shamir threshold scheme and Elliptic Curve system, and due to the advantages of Elliptic Curve, the scheme enjoys wider application in practice.

A General Threshold Signature and Authenticated Encryption Scheme Based on ElGamal System

Based on ElGamal system, a group-oriented threshold signature and authenticated encryption scheme was put forward. After being signed by a signer group employing threshold signature scheme, the message was transmitted to a particular verifier group, and then the signature was verified through the cooperation of ones from the verifier group with members. Similarly, a general authenticated encryption scheme characterized by joint verification was put forward through integrating threshold signature scheme and message recovery technique together; After being encrypted singed by any ones from a group with members, the message was transmitted to a particular verifier group with members, and then recovered through the cooperation of any ones from the verifier group. The security of this scheme is based on Shamir threshold scheme and ElGamal system. It realized the directional transmission of message between different groups and enjoyed the characteristics of reduced communication load and lowered calculation complexity, etc. DOI: http://dx.doi.org/10.11591/telkomnika.v11i7.2828 Full Text: PDF

Cryptanalysis and improvement of a certificateless threshold signature secure in the standard model

In this paper, we focus on security analysis of certificateless signature (CLS) schemes and certificateless threshold signature (CLTHS) schemes. We first propose four common attack methods for analyzing security of CLS schemes and CLTHS schemes. Then we give seven existing schemes as examples for demonstrating how to use our common attack methods, and prove that these schemes are vulnerable against public key replacement attacks or malicious-but-passive key generation center (KGC) attacks. By comprehensively using the proposed attack ideas, we also present three attacks against a CLTHS scheme proposed by Xiong et al. (2010) [28]: two public key replacement attacks and a malicious-but-passive KGC attack. Furthermore, we point out the flaws in the security proofs of these insecure CLS or CLTHS schemes. Finally, to resist these attacks, we propose an improved CLTHS scheme.

Off-line/on-line signatures revisited: a general unifying paradigm, efficient threshold variants and experimental results

The notion of off-line/on-line digital signature scheme was introduced by Even, Goldreich and Micali. Informally such signatures schemes are used to reduce the time required to compute a signature using some kind of preprocessing. Even, Goldreich and Micali show how to realize off-line/on-line digital signature schemes by combining regular digital signatures with efficient one-time signatures. Later, Shamir and Tauman presented an alternative construction (which produces shorter signatures) obtained by combining regular signatures with chameleon hash functions. In this paper, we study off-line/on-line digital signature schemes both from a theoretic and a practical perspective. More precisely, our contribution is threefold. First, we unify the Shamir---Tauman and Even et al. approaches by showing that they can be seen as different instantiations of the same paradigm. We do this by showing that the one-time signatures needed in the Even et al. approach only need to satisfy a weak notion of security. We then show that chameleon hashing is basically a one-time signature which satisfies such a weaker security notion. As a by-product of this result, we study the relationship between one-time signatures and chameleon hashing, and we prove that a special type of chameleon hashing (which we call double-trapdoor) is actually a fully secure one-time signature. Next, we consider the task of building, in a generic fashion, threshold variants of known schemes: Crutchfield et al. proposed a generic way to construct a threshold off-line/on-line signature scheme given a threshold regular one. They applied known threshold techniques to the Shamir---Tauman construction using a specific chameleon hash function. Their solution introduces additional computational assumptions which turn out to be implied by the so-called one-more discrete logarithm assumption. Here, we propose two generic constructions that can be based on any threshold signature scheme, combined with a specific (double-trapdoor) chameleon hash function. Our constructions are efficient and can be proven secure in the standard model using only the traditional discrete logarithm assumption. Finally, we ran experimental tests to measure the difference between the real efficiency of the two known constructions for non-threshold off-line/on-line signatures. Interestingly, we show that, using some optimizations, the two approaches are comparable in efficiency and signature length.

Anonymous Cluster-Based MANETs with Threshold Signature

Security supports are a significant factor in the design of security system in ad hoc networks. It is particularly important to protect the identities of individual nodes to avoid personal privacy concerns. In this paper, we propose a security system for ID-based anonymous cluster-based MANETs to protect the privacy of nodes. Moreover, we propose a threshold signature scheme without pairing computations, which diminishes the computation load on each node. To the best of our knowledge, our proposed security system is the first in which the pseudonym is combined with cluster-based mobile ad hoc networks (MANETs) without a trusted entity. According to our protocol analysis, our proposal satisfies most properties for an anonymous security system and effectively copes with dynamic environments with greater efficiency by using secret sharing schemes. Therefore, it could be usefully applied to preserve privacy in dynamic MANETs without a trusted entity, such as military battlefields, emergency areas, mobile marketplaces, and vehicular ad hoc networks (VANETs).