Wang Qing-ju

2008-01-01

Abstract:Recently,Chang proposed a(t,n) threshold signature with(k,l) threshold-shared verification to be used in agroup-oriented cryptosystem without a shared distribution center(SDC).In their scheme,any t participants can represent a group(signing group) to sign a message,and any k participants can represent another group(verifying group) to verify the signature.In this paper,we will argue that Chang′s scheme is vulnerable to the impersonation attack,and violates the basic definition requirement of(t,n) threshold signature with(k,l) threshold-shared verification.

王斌,潘皓东,李建华

DOI: https://doi.org/10.3321/j.issn:1006-2467.2002.09.030

2002-01-01

Abstract:Group Oriented ( T,N ) threshold signature is a kind of special digital signature scheme, some members of the group can sign document on behalf of the group, however, the security weakness in the existing group oriented threshold signature schemes slows down the application of the threshold signature. In these schemes, either some members conspire to get the secret parameters of the system or attackers forge the signature according to the acquired valid signature. Based on the idea of multiple signature and different signing combination using different polynomial ,this paper presented a modified scheme. Through security analysis ,the new scheme can avoid the two attack ways mentioned above.

Ren Guo,Xiaogang Cheng

DOI: https://doi.org/10.1007/s11128-021-03390-9

IF: 1.965

2022-01-01

Quantum Information Processing

Abstract:Recently, a (t, n) threshold group signature scheme is present in Qin et al. (Quantum Inf Process 19(2):71, 2020). In this paper, we point out that it is not a threshold signature scheme, namely any number of members can generate a valid signature. By introducing a secret sharing scheme, we show how to improve the original scheme to a threshold signature scheme. In the original scheme, the key for the one-time pad encryption is used more than once, which makes the verifier recover the key and fabricate any signature at his will. We show how to close this security loophole. And we also show how to add a round for checking the honesty of the arbitrator, and thus the trust put on the arbitrator can be reduced.

physics, multidisciplinary,quantum science & technology, mathematical

Jie Wang,Yongquan Cai,Jingyang He

DOI: https://doi.org/10.1109/cis.2010.80

2010-01-01

Abstract:Aiming at the weakness of existing schemes, a new threshold signature scheme to withstand the conspiracy attack is proposed in this paper. In this scheme, any subset of t or more than t members of the group can execute a valid threshold signature on behalf of the whole but can't construct legal group signature through giving two specific equations contained each other, so this scheme can not only withstand conspiracy attacks effectively, but also provide traceability under the premise of group signature anonymity. In addition, a new conspiracy attack method is designed, which was adopted to test the existing schemes and the new scheme of this paper, the result shows new scheme has higher security than existing ones.

ZHANG Qiu-yu,ZHANG Jun-min,YU Dong-mei

2007-01-01

Abstract:In this paper,we shall propose a (t,n) threshold signature with(k,l) threshold-shared verification to be used in a group-oriented cryptosystem without a Shared Distribution Center(SDC).In this scheme,any t participants can represent a group (signing group) to sign a message,and any k participants can represent another another group(verifying group) to verify the signature.We need no SDC to distribute the public and private keys to all the participants in the two groups.Hence,this scheme is more practical in real-world application and more efficient than its predecessors in terms of communication and computationa;complexity as well as storage.

Tianjie Cao,Dongdai Lin

DOI: https://doi.org/10.1007/11599548_20

2005-01-01

Abstract:Digital signature scheme allows a user to sign a message in such a way that anyone can verify the signature, but no one can forge the signature on any other message. In this paper, we show that Xie and Yu’s threshold signature scheme, Huang and Chang’s threshold proxy signature scheme, Qian, Cao and Xue’s pairing-based threshold proxy signature scheme, Xue and Cao’s multi-proxy signature scheme and Zhou et al.’s proxy multi-signature scheme are all insecure against the forgery attacks.

Xin Liu,Willy Susilo,Joonsang Baek

DOI: https://doi.org/10.1007/978-3-030-89432-0_10

2021-01-01

Abstract:There has been renewed attention to threshold signature in recent years as the threshold version of the ECDSA and SM2 Elliptic Curve Cryptographic Algorithm (SM2) could be used in Bitcoin as an underlying digital signature scheme to protect users' private keys that guarantees transactions. A (t, n) threshold signature scheme means in a set of n parties, at least t players can exercise the right of generating signatures on behalf of the group, and any less than t of the players' cooperation cannot generate a valid signature for the message nor obtain any information about the shared secret key. Thus, it is meaningful to construct a purely (t, n) threshold SM2 signature scheme (purely (t, n) means in the whole signature scheme, the threshold value is fixed to t). We propose a robust multiplication protocol of shared secrets to resolve the "multiplication of shared secrets" problem in existing threshold signature schemes. Using the proposed multiplication protocol, we improve the existing secret reciprocal computation protocol and show how to get a purely (t, n) threshold SM2 signature scheme.

Fagen Li,Yong Yu

DOI: https://doi.org/10.1109/icccas.2008.4657820

2008-01-01

Abstract:Signcryption is a cryptographic primitive that performs digital signature and public key encryption simultaneously, at a lower computational costs and communication overheads than the signature-then-encryption approach. Recently, two identity-based threshold signcryption schemes [12], [27] have been proposed by combining the concepts of identity-based threshold signature and signcryption together. However, the formal models and security proofs for both schemes are not considered. In this paper, we formalize the concept of identity-based threshold signcryption and give a new scheme based on the bilinear pairings. We prove its confidentiality under the Decisional Bilinear Diffie-Hellman assumption and its unforgeability under the Computational Diffie-Hellman assumption in the random oracle model. Our scheme turns out to be more efficient than the two previously proposed schemes.

Changshe Ma,Kefei Chen,Dong Zheng,Shengli Liu

DOI: https://doi.org/10.1007/11556992_17

2005-01-01

Abstract:To make the system more secure and robust, threshold schemes are proposed to avoid single point failure. At the same time, there are more and more applications which utilize the two basic blocks encryption and digital signature to secure message delivery (such as SSL, SSH). Combining the three tools organically leads to an interesting security tool termed as threshold signcryption which can be used in distributed systems especially the mobile networks. In this paper, we present an efficient threshold signcryption scheme. The scheme is designed for an asynchronous network model which may better present practical distributed systems, especially Internet or mobile ad hoc networks. In order to resist mobile attacks, we add proactive property to our scheme. To the best of our knowledge, the proposed scheme is the first threshold signcryption scheme which is noninteractive, proactive and provably secure and works on asynchronous network models.

Hu Xiong,Fagen Li,Zhiguang Qin

DOI: https://doi.org/10.1016/j.ins.2010.06.010

IF: 8.1

2013-01-01

Information Sciences

Abstract:Threshold signature is an extension of the standard signature, in which several signers may be required to cooperatively sign messages for sharing the responsibility and authority. Certificateless cryptography eliminates the need of certificates in the Public Key Infrastructure and solves the inherent key-escrow problem in the Identity-based (ID-based) cryptography. In this paper, we propose a certificateless threshold signature scheme with concrete implementation which is provably secure in the standard model. Furthermore, this scheme is proven secure against the malicious-but-passive KGC attack. To the best of author's knowledge, this is the first construction of certificateless threshold signature scheme that does not rely on random oracle or ideal ciphers.

Huiqiang Liang,Jianhua Chen

DOI: https://doi.org/10.1007/s11704-022-2288-x

IF: 2.6688

2024-01-01

Frontiers of Computer Science

Abstract:A threshold signature is a special digital signature in which the N-signer share the private key x and can construct a valid signature for any subset of the included t-signer, but less than t-signer cannot obtain any information. Considering the breakthrough achievements of threshold ECDSA signature and threshold Schnorr signature, the existing threshold SM2 signature is still limited to two parties or based on the honest majority setting, there is no more effective solution for the multiparty case. To make the SM2 signature have more flexible application scenarios, promote the application of the SM2 signature scheme in the blockchain system and secure cryptocurrency wallets. This paper designs a non-interactive threshold SM2 signature scheme based on partially homomorphic encryption and zero-knowledge proof. Only the last round requires the message input, so make our scheme non-interactive, and the pre-signing process takes 2 rounds of communication to complete after the key generation. We allow arbitrary threshold t≤n and design a key update strategy. It can achieve security with identifiable abort under the malicious majority, which means that if the signature process fails, we can find the failed party. Performance analysis shows that the computation and communication costs of the pre-signing process grows linearly with the parties, and it is only 1/3 of the Canetti’s threshold ECDSA (CCS'20).

Jian-hong Chen,Yu Long,Ke-fei Chen,Yong-tao Wang,Xiang-xue Li

DOI: https://doi.org/10.1007/s12204-011-1207-3

2011-01-01

Abstract:To tackle the key-exposure problem in signature settings, this paper introduces a new cryptographic primitive named threshold key-insulated signature (TKIS) and proposes a concrete TKIS scheme. For a TKIS system, at least k out of n helpers are needed to update a user’s temporary private key. On the one hand, even if up to k −1 helpers are compromised in addition to the exposure of any of temporary private keys, security of the non-exposed periods is still assured. On the other hand, even if all the n helpers are compromised, we can still ensure the security of all periods as long as none of temporary private keys is exposed. Compared with traditional key-insulated signature (KIS) schemes, the proposed TKIS scheme not only greatly enhances the security of the system, but also provides flexibility and efficiency.

Qs Xue,Zf Cao

2004-01-01

Abstract:We review Hsu et al's threshold proxy signature scheme with known signers, describe the Tsai et al's attack to Hsu et al's scheme and point out that their attack can't work. We also review Hsu et al's another scheme with unknown signers, analyze its security and point out that it can not resist the public key substitution attack. Based on Hsu et al's second scheme, an improved version which can resist the weakness is proposed.

Zhiyuan Liu,Shejie Lu,Jun Yan

DOI: https://doi.org/10.1109/snpd.2007.359

2007-01-01

Abstract:A t-out-of-n threshold group signature is a generalization of group signature, in which only t or more members from a given group with n members can represent the group to generate a signature anonymously and the identities of the participating signers can be revealed in case of a dispute later. A new approach to convert any threshold signature into a threshold group signature is proposed in this paper. Compared with the proposal presented by Petersen, our approach has better efficiency and shorter signatures, and it does not require any secure channel among the participating signers. In particular, when the interpolation coefficients are calculated by the group manager, it has better anonymity.

Yang Liu,Zhong Cheng,Hua Bei

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.07.030

2009-01-01

Abstract:Security is the critical concern for all computer systems,and peer-to-peer network is not an exceptant.Threshold signature is a kind of important digital signature,the biggest weakness in common threshold signature schemes is that when the number of malicious shareholders is no less than the threshold,they can obtain the system secret of the group with high probability,and then forge the group signature.A verifiable P2P distributed digital signing system using(t,n) threshold encryption technique is proposed in this paper.The security of the system relies on the difficulty in computing the discrete logarithm and the factorization of RSA large integer.Part of members inside a group cannot get any system secret parameters in collusion,thus the conspiracy attack is withstood.

Junfang Xiao,Guihua Zeng

DOI: https://doi.org/10.1109/CHINACOM.2007.4469385

2007-01-01

Abstract:A number of peer to peer (P2P) systems as well as mobile ad-hoc networks (MANETs) fall into the category of ad hoc groups. Their needs for security have been widely recognized. Following this line, some signature schemes had introduced for ad hoc group. On the based of analyzing those scheme, we propose a threshold ring signature from bilinear pairings for ad hoc group. On the base of analyzing our scheme, we conclude that our scheme meet with the three requirement of threshold ring signature: correctness, anonymity and secure against adaptively chosen message attacks in the random oracle model assuming the Computational Diffie-Hellman problem (CDH problem) is hard to solve. We presented detailed secure proof against widely known attacks in the paper. And then we give out the analysis on efficiency compared with Bresson's signature schemes [6].

QINZhi-guang,ZHANGXian-feng,ZHOUShi-jie,LIUJin-de

DOI: https://doi.org/10.3969/j.issn.1001-0548.2005.01.029

2005-01-01

Abstract:Based on ECC and ElGamal digital signature scheme, an ElGamal-type threshold digital signature scheme based on ECC is designed. The security of the scheme is analyzed via introducing the concept of views. In this scheme, the trusted center to deal with the sharing secret is eliminated. No secret communication is required in the signature-issuing phase. The scheme is characterized by excellentsecurity as well as high efficiency.

Fengying Li,Qingshui Xue,Zhenfu Cao

DOI: https://doi.org/10.1109/itng.2007.61

2007-01-01

Abstract:In a (t,n) threshold proxy signature scheme, an original signer delegates a group of n proxy signers to sign messages on behalf of him or her. When the proxy signature is created, t or more proxy signers cooperate to generate valid proxy signatures and any less than t proxy signers can't cooperatively produce valid proxy signatures. In 2003, Hwang et al. proposed a practical threshold proxy signature scheme (HLL-scheme) which is based on RSA crypto system for the first time. In 2004, Wang et al. had provided some comments on HLL-scheme. They showed that some mistakes of equations had made HLL-scheme become insecure. Moreover, in 2005, Kuo and Chen also showed two security weaknesses in Hwang et al.'s scheme: one is similar to RSA reblocking problem and the other is that the value of Li is not clearly defined. In addition, to overcome the second shortcoming of HLL-scheme, Kuo and Chen also provided a modified threshold proxy signature scheme (KC-scheme) based on HLL-scheme. By observation, we find that KC-scheme cannot still work. In other words, in KC-scheme, the value of Li cannot still be worked out, as makes KC-scheme not workable. To design a workable threshold proxy signature scheme, based on KC-scheme, an improved scheme is proposed

Fēi Li,Wei Gao,Guilin Wang,Kefei Chen,Xueli Wang

DOI: https://doi.org/10.1504/ijipt.2014.066373

2014-01-01

International Journal of Internet Protocol Technology

Abstract:We propose a new identity-based threshold signature (IBTHS) scheme from bilinear pairings enjoying the following advantages in efficiency, security and functionality. The round-complexity of the threshold signing protocol is optimal since each party pays no other communication cost except broadcasting one single message. The computational complexity of the threshold signing procedure is considerably low since there appears no other time-consuming pairing except two pairings for verifying each signature shares. The communication channel requirement of the threshold signing procedure is the lowest since the broadcast channel among signers is enough. It is provably secure with optimal resilience in the standard model. It is the private key associated with an identity rather than a private key of the private key generator (PKG) that is shared among signature generation servers.

Chao Wang,Yunpeng Han,Fagen Li

DOI: https://doi.org/10.1109/EBISS.2009.5138069

2009-01-01

Abstract:In a (t, n) threshold proxy signature scheme, which is a variant of the proxy signature scheme, the proxy signature key is shared among a group of n proxy signers delegated by the original signer. Any t or more proxy signers can cooperatively sign messages on behalf of the original signer. Recently, Qian et. al. proposed a pairing-based threshold proxy signature scheme. However, we show that their scheme suffers from the forgery attack. That is, an adversary can forge a valid threshold proxy signature on any messages. In addition, their scheme also suffers from the weakness that the proxy signers might change the threshold value. That is, the proxy signers can arbitrarily modify the threshold strategy without being detected by the original signer or message verifiers, which might violate the original signer's intent. In this paper, we propose an improved scheme that overcomes the above weaknesses.