Threshold Signature Research Articles

An efficient Proof-of-Authority consensus scheme against cloning attacks

Proof-of-Authorization (PoA) consensus algorithms are widely used in permissioned blockchain networks due to their high throughput, security, and efficiency. However, PoA is susceptible to cloning attacks, where attackers copy the authenticator identity and key, thereby compromising the consensus integrity. This study proposes a novel randomized authenticator within the PoA framework to mitigate cloning attacks and solve the leader selection bottleneck. The main contributions include 1) Introducing unpredictability in leader selection through Verifiable Random Functions (VRFs) to prevent identity duplication.2) Dynamic group management using a hierarchical decentralized architecture of distributed ledgers that balances security and performance.3) Using threshold signatures to avoid a single point of failure among validators.4) Comprehensively analyzing attacks, security, randomness, and availability.5) Evaluating the effectiveness of a randomized authenticator by means of OMNET++ simulations to assess efficiency. By integrating randomness into leader selection and robust consensus design, the approach enables reliable and secure dynamic group management in decentralized networks.

Practical two-party SM2 signing using multiplicative-to-additive functionality

Threshold signatures are important tools for addressing issues related to key management, certificate management, and cryptocurrencies. Among them, two-party SM2 signatures have received considerable interest recently. In this paper, we propose a fast and secure online/offline two-party SM2. By employing the re-sharing technique, we have successfully made the online phase of the signing process non-interactive while achieving nearly optimal computational efficiency. Additionally, in the offline phase, there is just a single call to the multiplicative-to-additive functionality based on Paillier encryption. Our protocol is existentially unforgeable under adaptive chosen message attacks in the random oracle model in the presence of a static adversary. Experimental results demonstrate that our proposed scheme outperforms previous similar schemes by approximately a factor of 2 in online computation and a factor of 3 in online communication. Our scheme can be applied in scenarios such as Certificate Authority (CA) and the signing of blockchain transactions to provide them with a more secure and flexible implementation method, enhancing the security and reliability of the systems.

Dynamic Byzantine Fault-Tolerant Consensus Algorithm with Supervised Feedback Mechanisms

Among the existing consensus algorithms, there are very few low-latency consensus algorithms that can simultaneously take into account node dynamics, fault tolerance, and scalability, and which are applicable to large-scale open scenarios where low latency is required. Therefore, this paper proposes a low-latency scalable dynamic consensus algorithm with high fault tolerance utilizing a combination of layered and threshold signature technologies, known briefly as LTSBFT. Firstly, LTSBFT achieves linear communication complexity through the utilization of threshold signature technology and a two-layer structure. Secondly, the mutual supervision feedback mechanism among nodes enables the attainment of linear complexity for reaching consensus on the faulty upper-layer nodes during the view-change. Lastly, a node dynamic protocol was proposed for the first time to support dynamic changes in the number of nodes during the consensus process. That is to say, consensus can still be reached when the number of nodes dynamically changes without interrupting the client’s request for consensus in the network. The experimental results indicate that LTSBFT exhibits lower communication latency and higher throughput compared to the classic HotStuff and PBFT algorithms. Furthermore, in comparison to double-layer PBFT, the LTSBFT has been demonstrated to have improved fault tolerance.

Lightweight adaptive Byzantine fault tolerant consensus algorithm for distributed energy trading

With the rapid development of smart grid, constructing distributed energy trading market (DETM) based on blockchain to coordinate distributed energy resources (DER) has become a future direction. However, existing consensus algorithms of blockchain face many challenges in large-scale energy trading scenarios, such as high resource overhead, slow transaction procedure. To solve the above crucial problems for wide deployment of distributed energy trading, this study proposes a novel consensus algorithm named Lightweight adaptive Byzantine fault tolerant consensus (LA-BFT), and a reputation calculation method based on behavioral characteristics for selection of consensus nodes. The LA-BFT consists of two parts: (i) weak consensus for normal cases. By introducing threshold signature mechanism, weak consensus simplifies the consensus process to achieve linear communication complexity O(n). (ii) byzantine node detection scheme is enable for malicious cases. With consensus committee, the detection scheme can detect the potential byzantine nodes by cross-validation, which ensures transaction safety. The reputation calculation method is presented to cooperate with LA-BFT to elect leaders and candidates for consensus procedure. Once a round of consensus is completed, the reputation of each node needs to be updated, only nodes with high reputation are eligible to become leaders or committee nodes in the next round. With the reputation calculation method, honest nodes and byzantine nodes can be effectively identified, ensuring the security of the consensus process. Numerical results indicate that LA-BFT exhibits superior performance on communication overhead and bandwidth occupancy in large-scale concurrent energy trading scenarios. When the number of nodes is 50, under normal scenarios, LA-BFT’s communication overhead is notably lower, constituting a mere 6.02% of PBFT and 24.26% of SHBFT, while bandwidth occupancy amounts to merely 5.55% of PBFT and 9.76% of SHBFT.

Seraph: Towards secure and efficient multi-controller authentication with [formula omitted]-threshold signature in multi-domain SDWAN

The multi-controller scheme is widely adopted in Software-Defined Wide Area Networks (SDWANs), where a WAN is segmented into multiple domains, each controlled by one controller. These controllers communicate with each other in-band, necessitating authentication before exchanging control messages. However, relying solely on identification of a single node for authentication exposes the network to spoofing attacks, jeopardizing its security. To address this issue, we present Seraph, an innovative (t,n)-threshold signature-based authentication scheme that verifies not only the node itself but also its “endorsement” nodes to establish its identity. We have investigated the best practice for defining the “endorsement” relationships concerning security and overheads, formulating the problem as an integer programming problem. We have demonstrated the polynomial-time hardness (NP-hardness) of the problem and proposed an efficient Seraph algorithm. Through our rigorous simulation analysis, we show that Seraph can provide comparative performance with Optimal and reduce time usage by over 90%.

TortoiseBFT: An asynchronous consensus algorithm for IoT system

Traditional partial synchronous Byzantine fault tolerant (BFT) protocols are confronted with new challenges when applied to large-scale networks like IoT systems, which bring about rigorous demand for the liveness and consensus efficiency of BFT protocols in asynchronous network environments. HoneyBadgerBFT is the first practical asynchronous BFT protocol, which employs a reliable broadcast protocol (RBC) to broadcast transactions and an asynchronous binary agreement protocol (ABA) to determine whether transactions should be committed. DumboBFT is a follow-up proposal that requires fewer instances of ABA and achieves higher throughput than HoneyBadgerBFT, but it does not optimize the communication overhead of HoneyBadgerBFT.In this paper, we propose TortoiseBFT, a high-performance asynchronous BFT protocol with three stages. We can significantly reduce communication overhead by determining the order of transactions first and requesting missing transactions after. Our two-phase transaction recovery mechanism enables nodes to recover missing transactions by seeking help from 2f+1 nodes. To improve the overall throughput of the system, we lower the verification overhead of threshold signatures in HoneyBadgerBFT, DumboBFT, and DispersedLedger from On3 to On2. We develop a node reputation model that selects producers with stable network conditions, which helps to reduce the number of random lotteries. Experimental results show that TortoiseBFT improves system throughput, reduces transaction delays, and minimizes communication overhead compared to HoneyBadgerBFT, DumboBFT, and DispersedLedger.

Quantum (t, n) threshold signature based on logistic chaotic sequences and mutually unbiased bases

Quantum (t, n) threshold signature based on logistic chaotic sequences and mutually unbiased bases

Simple Three-Round Multiparty Schnorr Signing with Full Simulatability

In a multiparty signing protocol, also known as a threshold signature scheme, the private signing key is shared amongst a set of parties and only a quorum of those parties can generate a signature. Research on multiparty signing has been growing in popularity recently due to its application to cryptocurrencies. Most work has focused on reducing the number of rounds to two, and as a result: (a) are not fully simulatable in the sense of MPC real/ideal security definitions, and/or (b) are not secure under concurrent composition, and/or (c) utilize non-standard assumptions of different types in their proofs of security. In this paper, we describe a simple three-round multiparty protocol for Schnorr signatures that is secure for any number of corrupted parties; i.e., in the setting of a dishonest majority. The protocol is fully simulatable, secure under concurrent composition, and proven secure in the standard model or random-oracle model (depending on the instantiations of the commitment and zero-knowledge primitives). The protocol realizes an ideal Schnorr signing functionality with perfect security in the ideal commitment and zero-knowledge hybrid model (and thus the only assumptions needed are for realizing these functionalities). In our presentation, we do not assume that all parties begin with the message to be signed, the identities of the participating parties and a unique common session identifier, since this is often not the case in practice. Rather, the parties achieve consensus on these parameters as the protocol progresses.

A secure cross-domain authentication scheme based on threshold signature for MEC

The widespread adoption of fifth-generation mobile networks has spurred the rapid advancement of mobile edge computing (MEC). By decentralizing computing and storage resources to the network edge, MEC significantly enhances real-time data access services and enables efficient processing of large-scale dynamic data on resource-limited devices. However, MEC faces considerable security challenges, particularly in cross-domain service environments, where every device poses a potential security threat. To address this issue, this paper proposes a secure cross-domain authentication scheme based on a threshold signature tailored to MEC’s multi-subdomain nature. The proposed scheme employs a (t,n) threshold mechanism to bolster system resilience and security, catering to large-scale, dynamic, and decentralized MEC scenarios. Additionally, the proposed scheme features an efficient authorization update function that facilitates the revocation of malicious nodes. Security analysis confirmed that the proposed scheme satisfies unforgeability, collusion resistance, non-repudiation and forward security. Theoretical evaluation and experimental simulation verify the effectiveness and feasibility of the proposed scheme. Compared with existing schemes, the proposed scheme has higher computational performance while implementing secure authorization updates.

Key Backup and Recovery for Resilient DID Environment

This paper delves into the advantages of authentication algorithms employing self-sovereign identity, highlighting a reduced communication overhead and the elimination of single points of failure. However, it acknowledges the vulnerability of digital wallets to real-world issues like loss or theft. To address these challenges, we propose an efficient key backup and recovery protocol based on the FROST threshold signature algorithm. This protocol involves trusted third parties and backup devices, ensuring secure secret key sharing and rapid key recovery. Performance evaluations, including key recovery time, demonstrate the protocol’s efficiency and reliability, bolstering the overall robustness of self-sovereign identity systems.

Industrial blockchain threshold signatures in federated learning for unified space-air-ground-sea model training

The space-air-ground-sea three-dimensional (3D) network is a comprehensive communication network system. This 3D network combines extensive coverage of satellite communications, adaptability of unmanned aerial vehicle (UAV) communications, reliability of terrestrial communications, and the necessity for maritime communications. These networks generate enormous amounts of data, and training machine learning (ML) models on this data will have a significant impact on industry. At the same time, the availability of such data poses numerous security threats, which can be overcome using Federated Learning (FL). Decentralized training in FL can provide a universal model from local data generated by 3D networks. However, most existing FL frameworks have a centralized server, which questions credibility, single-point failure, and global confidence. To solve these problems, industrial blockchain technology has received a lot of attention by replacing centralized servers in traditional FL, which offers a promising approach to address key issues like data privacy and security. In a blockchain-based system, digital signatures are a core component for ensuring data integrity and system security, however, private key disclosure can pose significant risks. Security can be enhanced by using threshold signatures which provide a more reliable foundation for FL by storing keys in multiple nodes and requiring multiple nodes to collaborate to generate signatures. In this paper, we propose a Threshold signing scheme for ISO/IEC Digital Signature Standards (TDSS) in an industrial blockchain. The TDSS scheme helps FL to achieve truly distributed decentralization for unified space-air-ground-sea model training. The TDSS scheme exploits the SM-2 digital signature algorithm in the ISO/IEC standard when t out of n nodes in an industrial blockchain interact with each other to calculate the signature. The experimental results and analysis show that the TDSS scheme has provable security and efficient against security attacks, which can be applied to large-scale threshold signing scenarios.

Asynchronous Threshold ECDSA With Batch Processing

Threshold Elliptic Curve Digital Signature Algorithm (ECDSA) has attracted a lot of attention due to the wide applications of ECDSA in crypto asset. Although several variants of threshold signature protocols can provide functions, such as key generation and signing, they suffer from two shortfalls. First, these schemes only discuss a single signature computation task in a synchronous algorithm context, which is difficult to adapt to real crypto-asset applications, such as custody. Second, these schemes are computing intensive and not scalable, hence can hardly support large-scale processing operations in real life even after traditional optimization, such as multithreading, is applied. In this article, we propose an innovative computation method called asynchronous threshold ECDSA with batch processing, based on the interactive threshold signature protocols. The method provides a reliable solution for critical operational scenarios, such as threshold signing and distributed key generation (DKG) in crypto-asset custody, and can be a future reference in secure data distribution mechanisms. The performance and scalability of our methods are validated through a benchmark testing.

Incentive Mechanism for Privacy-Preserving Collaborative Routing Using Secure Multi-Party Computation and Blockchain.

Traffic congestion results from the spatio-temporal imbalance of demand and supply. With the advances in connected technologies, incentive mechanisms for collaborative routing have the potential to provide behavior-consistent solutions to traffic congestion. However, such mechanisms raise privacy concerns due to their information-sharing and execution-validation procedures. This study leverages secure Multi-party Computation (MPC) and blockchain technologies to propose a privacy-preserving incentive mechanism for collaborative routing in a vehicle-to-everything (V2X) context, which consists of a collaborative routing scheme and a route validation scheme. In the collaborative routing scheme, sensitive information is shared through an off-chain MPC protocol for route updating and incentive computation. The incentives are then temporarily frozen in a series of cascading multi-signature wallets in case vehicles behave dishonestly or roadside units (RSUs) are hacked. The route validation scheme requires vehicles to create position proofs at checkpoints along their selected routes with the assistance of witness vehicles using an off-chain threshold signature protocol. RSUs will validate the position proofs, store them on the blockchain, and unfreeze the associated incentives. The privacy and security analysis illustrates the scheme's efficacy. Numerical studies reveal that the proposed incentive mechanism with tuned parameters is both efficient and implementable.

Decentralized Threshold Signatures With Dynamically Private Accountability

Decentralized Threshold Signatures With Dynamically Private Accountability

A threshold traceable delegation authorization scheme for data sharing in healthcare

In the field of smart healthcare, sharing of electronic data records (EHRs) has become popularity. As cloud computing develops, storing data in the cloud and setting access policies has become a common approach for EHRs data sharing. However, considering the collaborative nature of the diagnosis in healthcare, it is crucial to enhance flexible access control of shared EHRs data using delegation authorization. At the same time, the process of authorization must be achieved under controlled as well as traceable conditions. Attribute-based access control (ABAC) is one solution to address fine-grained access control, but the lack of management of the delegation process in existing solutions makes it difficult to apply ABAC directly in combination with delegation authorization. In this paper, we propose a threshold traceable delegation authorization (TTDA) scheme for EHRs data sharing. By using TTDA scheme, data owner who with limited resources can delegate multiple authorized users to complete authorization operation with a threshold-based manner. In TTDA scheme, we use accountability threshold signatures to help data owner traces the users who execute the authorization. We prove the security of TTDA scheme under the IND-CPA security model. Finally, we conduct sufficient realistic experiments, and the experimental outcomes prove the practicability of TTDA scheme.

A Blockchain-Based Privacy-Preserving and Fair Data Transaction Model in IoT

The rapid development of the Internet of Things (IoT) has resulted in vast amounts of widely distributed data. Sharing these data can spur innovative advancements and enhance service quality. However, conventional data-sharing methods often involve third-party intermediaries, posing risks of single-point failures and privacy leaks. Moreover, these traditional sharing methods lack a secure transaction model to compensate for data sharing, which makes ensuring fair payment between data consumers and providers challenging. Blockchain, as a decentralized, secure, and trustworthy distributed ledger, offers a novel solution for data sharing. Nevertheless, since all nodes on the blockchain can access on-chain data, data privacy is inadequately protected, and traditional privacy-preserving methods like anonymization and generalization are ineffective against attackers with background knowledge. To address these issues, this paper proposes a decentralized, privacy-preserving, and fair data transaction model based on blockchain technology. We designed an adaptive local differential privacy algorithm, MDLDP, to protect the privacy of transaction data. Concurrently, verifiable encrypted signatures are employed to address the issue of fair payment during the data transaction process. This model proposes a committee structure to replace the individual arbitrator commonly seen in traditional verifiable encrypted signatures, thereby reducing potential collusion between dishonest traders and the arbitrator. The arbitration committee leverages threshold signature techniques to manage arbitration private keys. A full arbitration private key can only be collaboratively constructed by any arbitrary t members, ensuring the key’s security. Theoretical analyses and experimental results reveal that, in comparison to existing approaches, our model delivers enhanced transactional security. Moreover, while guaranteeing data availability, MDLDP affords elevated privacy protection.

Lattice-Based Threshold Signcryption for Blockchain Oracle Data Transmission

Threshold signature can solve the problems of high cost and network congestion during the execution of smart contracts. However, the information transmitted in public links is vulnerable to eavesdropping, tampering and other network attacks, it is essential to ensure the confidentiality and integrity during data transmission. However, traditional threshold signcryption is not suitable for blockchain setting and cannot withstand the quantum computing attacks. In view of these reasons, one lattice-based threshold signcryption for blockchain oracle data transmission (BCODT-LTSC) is devised in this article. BCODT-LTSC satisfies the existential unforgeability, confidentiality and threshold characteristic; it has very low computation cost and is suitable for the application in blockchain scenario.

Redactable consortium blockchain based on verifiable distributed chameleon hash functions

With the evolving application demands, the inherent immutability of consortium blockchains hinders their widespread adoption. For example, expired data stored on the chain cannot be deleted, and erroneous data cannot be redacted, seriously limiting the flexibility of consortium blockchains. However, existing redactable blockchain solutions need to be improved in aspects of decentralization, efficiency, and fault tolerance. This paper develops a new verifiable distributed chameleon hash (VDCH) function to solve the above problems. With VDCH, nodes share chameleon keys with a secure multi-party computation protocol based on a verifiable key-sharing scheme, and the collision shares can be verified with a Schnorr non-interactive zero-knowledge proof protocol, which enhances the fault tolerance of the consortium chain while maintaining its decentralized nature. Then, this paper proposes a consensus protocol called CVTSS based on verifiable threshold signatures, which provides protocol support for collaborative hash collision computation by multiple nodes using VDCH, thus avoiding the dependence on Nakamoto consensus and improving the redaction efficiency. Meanwhile, CVTSS uses threshold signatures to prevent malicious nodes from tampering with data using one-time chameleon keys. Finally, this paper constructs an efficient, practical, and secure redactable consortium chain scheme based on VDCH and CVTSS. Theoretical analysis and experimental results show that the proposed scheme can operate safely in the presence of malicious nodes with an acceptable time cost.

ChainKeeper: A cross‐chain scheme for governing the chain by chain

AbstractWith the rapid application of consortium chains, supervising these systems has become a challenge for governments. The centralized model fails to deliver supervision services that are both open and transparent. Given the benefits of decentralization, non‐tampering, and traceability offered by blockchains, researchers propose the concept of ‘governing the chain by chain’, which involves supervising multiple consortium chains by constructing a blockchain. Under this idea, the cross‐chain scheme becomes the key to achieving excellent supervision. Existing studies have shortcomings and cannot meet the requirements of universality, security, and efficiency in cross‐chain supervision scenarios. Aiming at the challenges, we propose ChainKeeper, a cross‐chain scheme for governing the chain by chain. The innovation of our work lies in three points. First, a modular node proxy program is designed to adapt to various implementations of consortium chains. Second, a verifiable node random selection method is put forward to improve the throughput of cross‐chain data transmission. Finally, a verifiable identity threshold signature method is proposed to prevent the cheating behavior of malicious nodes. To verify the universality of ChainKeeper, we built a prototype system on three types of consortium chains. The experimental results show that ChainKeeper can achieve high throughput, outperforming two state‐of‐the‐art cross‐chain schemes.

Non-interactive SM2 threshold signature scheme with identifiable abort

Non-interactive SM2 threshold signature scheme with identifiable abort