Threshold Signatures, Multisignatures and Blind Signatures Based on the Gap-Diffie-Hellman-Group Signature Scheme

We propose a robust proactive threshold signature scheme, a multisignature scheme and a blind signature scheme which work in any Gap Diffie-Hellman (GDH) group (where the Computational Diffie-Hellman problem is hard but the Decisional Diffie-Hellman problem is easy). Our constructions are based on the recently proposed GDH signature scheme of Boneh et al. [8]. Due to the instrumental structure of GDH groups and of the base scheme, it turns out that most of our constructions are simpler, more efficient and have more useful properties than similar existing constructions. We support all the proposed schemes with proofs under the appropriate computational assumptions, using the corresponding notions of security.

[1]  K. Ohta,et al.  Multi-Signature Schemes Secure against Active Insider Attacks (Special Section on Cryptography and Information Security) , 1999 .

[2]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[3]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[4]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[5]  Tal Rabin,et al.  A Simplified Approach to Threshold and Proactive RSA , 1998, CRYPTO.

[6]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[7]  Yvo Desmedt,et al.  Shared Generation of Authenticators and Signatures (Extended Abstract) , 1991, CRYPTO.

[8]  Tatsuaki Okamoto,et al.  A digital multisignature scheme using bijective public-key cryptosystems , 1988, TOCS.

[9]  Rafail Ostrovsky,et al.  How To Withstand Mobile Virus Attacks , 1991, PODC 1991.

[10]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[11]  Markus Jakobsson,et al.  Proactive public key and signature systems , 1997, CCS '97.

[12]  Rafail Ostrovsky,et al.  How to withstand mobile virus attacks (extended abstract) , 1991, PODC '91.

[13]  Mihir Bellare,et al.  Fast Batch Verification for Modular Exponentiation and Digital Signatures , 1998, IACR Cryptol. ePrint Arch..

[14]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[15]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[16]  Anna Lysyanskaya,et al.  Unique Signatures and Verifiable Random Functions from the DH-DDH Separation , 2002, CRYPTO.

[17]  Silvio Micali,et al.  Accountable-subgroup multisignatures: extended abstract , 2001, CCS '01.

[18]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[19]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[20]  Steven D. Galbraith,et al.  Public key signatures in the multi-user setting , 2002, Inf. Process. Lett..

[21]  Ran Canetti,et al.  Maintaining Security in the Presence of Transient Faults , 1994, CRYPTO.

[22]  S. Micali,et al.  Accountable-Subgroup Multisignatures , 2001 .

[23]  Yvo Desmedt,et al.  Society and Group Oriented Cryptography: A New Concept , 1987, CRYPTO.

[24]  Antoine Joux,et al.  Separating Decision Diffie-Hellman from Diffie-Hellman in cryptographic groups , 2001, IACR Cryptology ePrint Archive.

[25]  Holger Petersen,et al.  Meta-Multisignature schemes based on the discrete logarithm problem , 1995 .

[26]  Narn-Yih Lee,et al.  Threshold-Multisignature Schemes where Suspected Forgery Implies Traceability of Adversarial Shareholders , 1994, EUROCRYPT.

[27]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.

[28]  K. Itakura,et al.  A public-key cryptosystem suitable for digital multisignatures , 1983 .

[29]  Hugo Krawczyk,et al.  Proactive Secret Sharing Or: How to Cope With Perpetual Leakage , 1995, CRYPTO.

[30]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[31]  Chanathip Namprempre,et al.  The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme , 2003, Journal of Cryptology.

[32]  Yvo Desmedt,et al.  Threshold cryptography , 1994, Eur. Trans. Telecommun..

[33]  Moti Yung,et al.  Proactive RSA , 1997, CRYPTO.

[34]  Kazuo Ohta,et al.  A Digital Multisignature Scheme Based on the Fiat-Shamir Scheme , 1991, ASIACRYPT.

[35]  L. Harn Group-oriented (t, n) threshold digital signature scheme and digital multisignature , 1994 .

[36]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[37]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[38]  Felix Schlenk,et al.  Proof of Theorem 3 , 2005 .

[39]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[40]  Victor Shoup,et al.  Practical Threshold Signatures , 2000, EUROCRYPT.

[41]  Hugo Krawczyk,et al.  Robust Threshold DSS Signatures , 1996, Inf. Comput..

[42]  Jacques Stern,et al.  Provably Secure Blind Signature Schemes , 1996, ASIACRYPT.