Adaptively Secure Threshold Signature Scheme in the Standard Model

Wang, Zecheng; Qian, Haifeng; Li, Zhibin

doi:10.15388/informatica.2009.268

Cited by 9 publications

(6 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the adaptive model, the adversary waits for an appropriate time during the protocol execution. She collects information from a protocol run and corrupts a specific subset of participants to maximise her chances of success [5][6][7]. Clearly, the adaptive adversary is strictly stronger than the static one.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Fully Adaptively Secure Threshold Signature Scheme Based on Dual-Form Signatures Technology

Gan

2021

Security and Communication Networks

View full text Add to dashboard Cite

In t , n threshold signature schemes, any subset of t participants out of n can produce a valid signature, but any fewer than t participants cannot. Meanwhile, a threshold signature scheme should remain robust and unforgeable against up to t − 1 corrupted participants. This nonforgeability property is that even an adversary breaking into up to t − 1 participants should be unable to generate signatures on its own. Existential unforgeability against adaptive chosen message attacks is widely considered as a standard security notion for digital signature, and threshold signature should also follow this accordingly. However, there are two special attack models in a threshold signature scheme: one is the static corruption attack and the other is the adaptive corruption attack. Since the adaptive corruption model appears to better capture real threats, designing and proving threshold signature schemes secure in the adaptive corruption model has been focused on in recent years. If a threshold signature is secure under adaptive chosen message attack and adaptive corruption attack, we say it is fully adaptively secure. In this paper, based on the dual pairing vector spaces technology, we construct a threshold signature scheme and use Gerbush et al.’s dual-form signatures technology to prove our scheme, which is fully adaptively secure in the standard model, and then compare it to other schemes in terms of the efficiency and computation.

show abstract

Section: Introductionmentioning

confidence: 99%

“…Although reduced, there is still a need for interactions. Wang et al [7] apply the Waters signatures [9] to construct threshold signatures secure against adaptive adversaries in the standard model. eir signatures still require interactions via secure point-to-point channels.…”

Section: Introductionmentioning

confidence: 99%

A Fully Adaptively Secure Threshold Signature Scheme Based on Dual-Form Signatures Technology

Gan

2021

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…In 2006, Almansa, Damgård and Nielsen [7] came up with a variant of Rabin's threshold RSA signatures [63] for which they proved adaptive security using the SIP technique and ideas from [34,35]. Similar techniques were used in [69] to build adaptively secure threshold Waters signatures [70]. While the SIP technique does provide adaptively secure threshold protocols, it inherently requires interaction.…”

Section: Introductionmentioning

confidence: 99%

Adaptively Secure Non-interactive CCA-Secure Threshold Cryptosystems: Generic Framework and Constructions

Libert

Yung

2020

J Cryptol

View full text Add to dashboard Cite

In threshold cryptography, private keys are divided into n shares, each one of which is given to a different server in order to avoid single points of failure. In the case of threshold public-key encryption, at least t ≤ n servers need to contribute to the decryption process. A threshold primitive is said robust if no coalition of t malicious servers can prevent remaining honest servers from successfully completing private key operations. Non-interactive schemes, considered the most practical ones, allow servers to contribute to decryption without interactions. So far, most non-interactive threshold cryptosystems were only proved secure against static corruptions. In the adaptive corruption scenario (where the adversary can corrupt servers at any time, based on its complete view), all existing robust threshold encryption schemes that also resist chosen-ciphertext attacks (CCA) till recently require interaction in the decryption phase. A very specific method (in composite order groups) for getting rid of interaction was recently suggested, leaving the question of more generic frameworks and constructions with better security and, in particular, better flexibility (i.e., compatibility with distributed key generation). This paper advances the state of the art and describes a general construction of adaptively secure robust non-interactive threshold cryptosystems with chosen-ciphertext security. We define the novel notion of all-but-one perfectly sound threshold hash proof systems that can be seen as (threshold) hash proof systems with publicly verifiable and simulation-sound proofs. We show that this notion generically implies threshold cryptosystems combining the aforementioned properties. Then, we provide efficient instantiations under well-studied assumptions in bilinear groups (e.g., in such groups of prime order). These instantiations have a tighter security proof in the single-challenge setting and are indeed compatible with distributed key generation protocols.

show abstract

“…In distributed computing environments, it is necessary to maintain the user anonymity (Lee and Chang, 2000;Wu and Hsu, 2004;Yang et al, 2004;Kumar and Rajendra, 2006;Gao et al, 2009;Wang et al, 2009;Wang and Hu, 2010;Liu and Huang, 2010;Sun et al, 2010;Tseng and Wu, 2010;Xiong et al, 2010;Ren et al, 2010). That is, only the server can identify the user, while no other entity can determine any information concerning the user's identity.…”

Section: Introductionmentioning

confidence: 99%

An Improvement of the User Identification and Key Agreement Protocol with User Anonymity

Yoon

Yoo

2012

Informatica

View full text Add to dashboard Cite

User anonymity is very important security technique in distributed computing environments that an illegal entity cannot determine any information concerning the user's identity. In 2006, Kumar-Rajendra proposed a Secure Identification and Key agreement protocol with user Anonymity (SIKA). This paper demonstrates the vulnerability of the SIKA protocol and then presents an improvement to repair the security flaws of the SIKA protocol.

show abstract

Adaptively Secure Threshold Signature Scheme in the Standard Model

Cited by 9 publications

References 45 publications

A Fully Adaptively Secure Threshold Signature Scheme Based on Dual-Form Signatures Technology

A Fully Adaptively Secure Threshold Signature Scheme Based on Dual-Form Signatures Technology

Adaptively Secure Non-interactive CCA-Secure Threshold Cryptosystems: Generic Framework and Constructions

An Improvement of the User Identification and Key Agreement Protocol with User Anonymity

Contact Info

Product

Resources

About