Linear Integer Secret Sharing and Distributed Exponentiation

Damgård, Ivan; Thorbek, Rune

doi:10.1007/11745853_6

Cited by 37 publications

(52 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are several distributed signature schemes [26,27,12] have been presented. Our basic scheme improves the state-of-the-art in a few different dimensions.…”

Section: Our Contributionsmentioning

confidence: 99%

See 1 more Smart Citation

Practical (fully) distributed signatures provably secure in the standard model

Wang

Wong

et al. 2015

Theoretical Computer Science

View full text Add to dashboard Cite

Please cite this article in press as: Y. Wang et al., Practical (fully) distributed signatures provably secure in the standard model, Theoret. Comput. Sci. (2015), http://dx. Highlights• We propose a CDH-based distributed signature scheme in the standard model. • We provide two extensions of the basic distributed signature scheme.• We propose a distributed key generation protocol over bilinear group.• We provide a CDH-based fully distributed signature scheme in the standard model. AbstractA distributed signature scheme allows participants in a qualified set to jointly generate a signature which cannot be forged even when any unqualified set of participants collude together. In this paper, we propose an efficient scheme that supports any monotone access structures and show its unforgeability and robustness under the computational Diffie-Hellman (CDH) assumption in the standard model. For 192-bit security, its secret key shares and signature fragments are as short as 511 bits and 1022 bits, which are shorter than existing schemes assuming random oracle. We then propose two extensions. The first one allows new participants to dynamically join the system without any help from the dealer. The second one supports a type of multipartite access structures, where the participant set is divided into multiple disjoint groups, and each group is bounded so that a distributed signature cannot be generated unless a pre-defined number of participants from multiple groups work together. Finally, we present a fully distributed signature scheme such that the centralized trusted dealer can be removed from the system, and the secret keys (shares) can be jointly computed by the involved participants.

show abstract

“…There are several distributed signature schemes [26,27,12] have been presented. Our basic scheme improves the state-of-the-art in a few different dimensions.…”

Section: Our Contributionsmentioning

confidence: 99%

“…Distributed signature [26,27,12], a useful cryptographic primitive in the multi-user setting, which enables a qualified set of participants to jointly generate a signature on a message. Each participant has a share of a (secret) signing key so that she/he can generate a signature fragment for a given message.…”

Section: Introductionmentioning

confidence: 99%

Practical (fully) distributed signatures provably secure in the standard model

Wang

Wong

et al. 2015

Theoretical Computer Science

View full text Add to dashboard Cite

show abstract

“…Their construction is based on the existence of secure multiplication on linear shares over Z Q , so it works for both multi-party with honest majority and two-party. A simpler setting where only y is private, x and Q are both public, has been considered [5,18].…”

Section: Related Work and Comparisonmentioning

confidence: 99%

Efficient Secure Two-Party Exponentiation

Chow

Chung

et al. 2011

Topics in Cryptology – CT-RSA 2011

View full text Add to dashboard Cite

Abstract. We present a new framework to design secure two-party computation protocols for exponentiation over integers and over ZQ where Q is a publicly-known prime. Using our framework, we realize efficient protocols in the semi-honest setting. Assuming the base is non-zero, and the exponent is at most Q/2 for the ZQ case, our protocols consist of at most 5 rounds (each party sending 5 messages) and the total communication consists of a small constant number (≤ 18) of encrypted/encoded elements in ZQ. Without these assumptions, our protocols are still more efficient than a protocol recently proposed by Damgård et al. in TCC 2006 (24 vs. > 114 rounds, ≈ 279 +12t for an error rate of 2 −t vs. > 110 log secure multiplications, where is the bit length of the shares).Our protocols are constructed from different instantiations of our framework with different assumptions (homomorphic encryption or oblivious transfers) to achieve different advantages. Our key idea is to exploit the properties of both additive and multiplicative secret sharing. We also propose efficient transformation protocols between these sharings, which might be of independent interest.

show abstract

“…We suggest an alternative method where our secure computation is based on replicated integer secret sharing suggested by Damgård and Thorbek [13]. Here, the secret is shared additively over the integers, but each player gets several shares.…”

Section: Introductionmentioning

confidence: 99%