Practical Distributed Signatures in the Standard Model

A distributed signature scheme allows the participants in a qualified set to jointly generate a signature that cannot be forged even when all the unqualified participants collude. In this paper, we propose an efficient scheme for any monotone access structure and show its unforgeability and robustness under the computational Diffie-Hellman (CDH) assumption in the standard model. For 112-bit security, its secret key shares and signature fragments are as short as 255 bits and 510 bits, respectively, which is shorter than in existing schemes that assume random oracles. We then propose two extensions. The first allows new participants to dynamically join the system without any help from the dealer. The second supports a type of multipartite access structure, where the participant set is divided into multiple disjoint groups, and each group is bounded so that a distributed signature cannot be generated unless a pre-defined number of participants from multiple groups work together.
