Article

Forward-Secure Threshold Signature Schemes

Authors:

Michel Abdalla,

Chanathip NamprempreAuthors Info & Claims

CT-RSA 2001: Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA

Pages 441 - 456

Published: 08 April 2001 Publication History

Abstract

We construct forward-secure threshold signature schemes. These schemes have the following property: even if more than the threshold number of players are compromised, it is not possible to forge signatures relating to the past. This property is achieved while keeping the public key fix ed and updating the secret keys at regular intervals. The schemes are reasonably efficient in that the amount of secure storage, the signature size and the key lengths do not vary proportionally to the number of time periods during the lifetime of the public key. Both proposed schemes are based on the Bellare-Miner forward-secure signature scheme. One scheme uses multiplicative secret sharing and tolerates mobile eavesdropping adversaries. The other scheme is based on polynomial secret sharing and tolerates mobile halting adversaries. We prove both schemes secure via reduction to the Bellare-Miner scheme, which is known to be secure in the random oracle model assuming that factoring is hard.

References

[1]

M. Abdalla, S. Miner, and C. Namprempre. Forward secure threshold signature schemes. Full version of this paper, available from the authors.

[2]

R. Anderson. Two remarks on public-key cryptology. Manuscript, Sep. 2000. Relevant material first presented by the author in an Invited Lecture at the Fourth Annual Conference on Computer and Communications Security, Zurich, Switzerland, Apr. 1997.

[3]

M. Bellare and S. Miner. A forward-secure digital signature scheme. In M. Wiener, editor, Proc. of CRYPTO ' 99 , volume 1666 of LNCS , pages 431-448. Springer-Verlag, Aug. 1999.

[4]

M. Ben-Or, S. Goldwasser, and A. Wigderson. Completeness theorems for noncryptographic fault-tolerant distributed computations. In Proc. of STOC'98 , pages 1-10, New York, 1988. ACM Press.

[5]

M. Burmester, Y. Desmedt, and J. Seberry. Equitable key escrow with limited time span (or how to enforce time expiration cryptographically). In K. Ohta, editor, Proc. of ASIACRYPT '98 , volume 1514 of LNCS . Springer-Verlag, 1998.

[6]

Y. Desmedt. Threshold cryptosystems. In J. Seberry and Y. Zheng, editors, Proc. of AUSCRYPT '92 , volume 718 of LNCS . Springer-Verlag, 1993.

[7]

Y. Desmedt, G. Di Crescenzo, and M. Burmester. Multiplicative non-abelian sharing schemes and their application to threshold cryptography. In J. Pieprzyk and R. Safavi-Naini, editors, Proc. of ASIACRYPT '94 , volume 917 of LNCS . Springer-Verlag, 1995.

[8]

Y. Desmedt and Y. Frankel. Shared generation of authenticators and signatures. In J. Feigenbaum, editor, Proc. of CRYPTO ' 91 , volume 576 of LNCS , pages 457-469. Springer-Verlag, Aug. 1991.

[9]

A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. In A. M. Odlyzko, editor, Proc. of CRYPTO ' 86 , volume 263 of LNCS , pages 186-194. Springer-Verlag, Aug. 1986.

[10]

R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin. Robust threshold DSS signatures. In U. Maurer, editor, Proc. of EUROCRYPT ' 96 , volume 1070 of LNCS , pages 354-371. Springer-Verlag, May 1996.

[11]

R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin. Secure distributed key generation for discrete-log based cryptosystems. In J. Stern, editor, Proc. of EUROCRYPT'99 , volume 1592 of LNCS , pages 295-310. Springer-Verlag, May 1999.

[12]

R. Gennaro, M. Rabin, and T. Rabin. Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In Proc. of PODC'98 , 1998.

[13]

A. Herzberg, M. Jarecki, H. Krawczyk, and M. Yung. Proactive secret sharing or: How to cope with perpetual leakage. In D. Coppersmith, editor, Proc. of CRYPTO ' 95 , volume 963 of LNCS , pages 339-352. Springer-Verlag, Aug. 1995.

[14]

I. Ingemarsson and G. Simmons. A protocol to set up shared secret schemes without the assistance of a mutually trusted party. In I. Damgård, editor, Proc. of EUROCRYPT ' 90 , volume 473 of LNCS , pages 266-282. Springer-Verlag, May 1990.

[15]

H. Ong and C. Schnorr. Fast signature generation with a Fiat Shamir-like scheme. In I. Damgård, editor, Proc. of EUROCRYPT ' 90 , volume 473 of LNCS , pages 432-440. Springer-Verlag, May 1990.

[16]

A. Shamir. How to share a secret. Communications of the Association for Computing Machinery , 22(11):612-613, Nov. 1979.

[17]

V. Shoup. Practical threshold signatures. In B. Preneel, editor, Proc. of EUROCRYPT ' 96 , volume 1807 of LNCS . Springer-Verlag, May 2000.

Cited By

Agrawal SMiao PMohassel PMukherjee PLie DMannan MBackes MWang X(2018)PASTAProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243839(2042-2059)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3243734.3243839
Agrawal SMohassel PMukherjee PRindal PLie DMannan MBackes MWang X(2018)DiSEProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243774(1993-2010)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3243734.3243774
Hartung G(2016)Secure Audit Logs with Verifiable ExcerptsProceedings of the RSA Conference on Topics in Cryptology - CT-RSA 2016 - Volume 961010.1007/978-3-319-29485-8_11(183-199)Online publication date: 29-Feb-2016
https://dl.acm.org/doi/10.1007/978-3-319-29485-8_11
Show More Cited By

Index Terms

Forward-Secure Threshold Signature Schemes

Index terms have been assigned to the content through auto-classification.

Recommendations

Adaptively secure forward-secure non-interactive threshold cryptosystems
Inscrypt'11: Proceedings of the 7th international conference on Information Security and Cryptology

Threshold cryptography aims at enhancing the availability and security of decryption and signature schemes by splitting private keys into several (say n) shares (typically, each of size comparable to the original secret key). In these schemes, a quorum ...
Forward-secure multisignature and blind signature schemes

Forward-secure signature schemes address the key exposure problem, in which all previously generated signatures are still considered to be valid even after the secret key is compromised. Multisignature scheme allow any subgroup of a group of users to ...
Fine-grained forward-secure signature schemes without random oracles
Special issue: Coding and cryptography

We propose the concept of fine-grained forward-secure signature schemes. Such signature schemes not only provide non-repudiation w.r.t. past time periods the way ordinary forward-secure signature schemes do but, in addition, allow the signer to specify ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

CT-RSA 2001: Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA

April 2001

471 pages

ISBN:3540418989

Editor:
David Naccache

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 08 April 2001

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

28
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Agrawal SMiao PMohassel PMukherjee PLie DMannan MBackes MWang X(2018)PASTAProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243839(2042-2059)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3243734.3243839
Agrawal SMohassel PMukherjee PRindal PLie DMannan MBackes MWang X(2018)DiSEProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243774(1993-2010)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3243734.3243774
Hartung G(2016)Secure Audit Logs with Verifiable ExcerptsProceedings of the RSA Conference on Topics in Cryptology - CT-RSA 2016 - Volume 961010.1007/978-3-319-29485-8_11(183-199)Online publication date: 29-Feb-2016
https://dl.acm.org/doi/10.1007/978-3-319-29485-8_11
Bugliesi MGallina LHamadou SMarin ARossi S(2014)Behavioural equivalences and interference metrics for mobile ad-hoc networksPerformance Evaluation10.1016/j.peva.2013.11.00373(41-72)Online publication date: 1-Mar-2014
https://dl.acm.org/doi/10.1016/j.peva.2013.11.003
Libert BYung M(2013)Adaptively secure non-interactive threshold cryptosystemsTheoretical Computer Science10.1016/j.tcs.2013.01.001478(76-100)Online publication date: 1-Mar-2013
https://dl.acm.org/doi/10.1016/j.tcs.2013.01.001
Gori RLevi F(2013)An analysis for proving probabilistic termination of biological systemsTheoretical Computer Science10.1016/j.tcs.2012.10.058471(27-73)Online publication date: 1-Feb-2013
https://dl.acm.org/doi/10.1016/j.tcs.2012.10.058
Katoen Jvan de Pol JStoelinga MTimmer M(2012)A linear process-algebraic format with data for probabilistic automataTheoretical Computer Science10.1016/j.tcs.2011.07.021413:1(36-57)Online publication date: 1-Jan-2012
https://dl.acm.org/doi/10.1016/j.tcs.2011.07.021
Dixon CWinfield AFisher MZeng C(2012)Towards temporal verification of swarm robotic systemsRobotics and Autonomous Systems10.1016/j.robot.2012.03.00360:11(1429-1441)Online publication date: 1-Nov-2012
https://dl.acm.org/doi/10.1016/j.robot.2012.03.003
Konur SDixon CFisher M(2012)Analysing robot swarm behaviour via probabilistic model checkingRobotics and Autonomous Systems10.1016/j.robot.2011.10.00560:2(199-213)Online publication date: 1-Feb-2012
https://dl.acm.org/doi/10.1016/j.robot.2011.10.005
Bonsma P(2012)Max-leaves spanning tree is APX-hard for cubic graphsJournal of Discrete Algorithms10.1016/j.jda.2011.06.00512(14-23)Online publication date: 1-Apr-2012
https://dl.acm.org/doi/10.1016/j.jda.2011.06.005
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents