Abstract
We present threshold DSS (Digital Signature Standard) signatures where the power to sign is shared by n players such that for a given parameter t < n/2 any subset of 2t + 1 signers can collaborate to produce a valid DSS signature on any given message, but no subset of t corrupted players can forge a signature (in particular, cannot learn the signature key). In addition, we present a robust threshold DSS scheme that can also tolerate n/3 players who refuse to participate in the signature protocol. We can also endure n/4 maliciously faulty players that generate incorrect partial signatures at the time of signature computation. This results in a highly secure and resilient DSS signature system applicable to the protection of the secret signature key, the prevention of forgery, and increased system availability.
Our results significantly improve over a recent result by Langford from CRYPTO’95 that presents threshold DSS signatures which can withstand only much smaller subsets of corrupted players, namely t ≈ √n, and do not enjoy the robustness property. As in the case of Langford’s result, our schemes require no trusted party. Our techniques apply to other threshold ElGamal-like signatures as well. We prove the security of our schemes solely based on the hardness of forging a regular DSS signature.
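An added Python simulation (not the paper's code) of the signing flow the abstract describes, using the nonce relabelling under which r = g^{1/k} mod p mod q and s = k(m + xr) mod q: the per-signature values k and a are Shamir-shared at degree t, the product v = ka is opened, a/v yields 1/k in the exponent, and the degree-2t partial signatures k_i(m + x_i r) need 2t+1 players to interpolate. All players are assumed honest and the group parameters are constructed toy values; the verifiable secret sharing and error correction that give the paper's scheme its robustness are omitted.

```python
import random
from functools import reduce

# Constructed toy DSS group (far too small for real use): q | p-1, g = 4 has order q.
P, Q, G = 2039, 1019, 4
N, T = 7, 2  # n = 7 players, t = 2 < n/2; any 2t+1 = 5 players can sign

def shamir(secret, degree):  # shares f(1..n) of a random degree-`degree` polynomial over Z_q
    poly = [secret] + [random.randrange(Q) for _ in range(degree)]
    return {i: sum(c * pow(i, j, Q) for j, c in enumerate(poly)) % Q for i in range(1, N + 1)}
def lam(ids):  # Lagrange coefficients for f(0) from the points in `ids`
    return {i: reduce(lambda acc, j: acc * j * pow(j - i, -1, Q) % Q,
                      [j for j in ids if j != i], 1) for i in ids}
def recover(shares):  # f(0) in Z_q; correct only when len(shares) > deg f
    L = lam(list(shares))
    return sum(L[i] * s for i, s in shares.items()) % Q
def exp_recover(g_shares):  # g^{f(0)} mod p from broadcast g^{f(i)}: interpolation in the exponent
    L = lam(list(g_shares))
    return reduce(lambda acc, i: acc * pow(g_shares[i], L[i], P) % P, g_shares, 1)

def joint_random(degree):  # dealer-free: each player deals a random value, shares add up
    total = {i: 0 for i in range(1, N + 1)}
    for _ in range(N):
        for i, s in shamir(random.randrange(Q), degree).items():
            total[i] = (total[i] + s) % Q
    return total

def keygen():  # shares of x (degree t) plus y = g^x, without ever assembling x
    x_sh = joint_random(T)
    return x_sh, exp_recover({i: pow(G, x_sh[i], P) for i in range(1, T + 2)})

def threshold_sign(m, x_sh, signers):
    """Convention: r = g^{1/k} mod p mod q, s = k(m + x r) mod q. Shares of k and a have
    degree t; the products k*a and k*(m + x r) have degree 2t, hence 2t+1 signers."""
    if len(signers) < 2 * T + 1:
        raise ValueError("need 2t+1 signers to interpolate degree-2t products")
    while True:  # retry on the (probability ~1/q) degenerate values v, r or s = 0
        k_sh, a_sh = joint_random(T), joint_random(T)
        v = recover({i: k_sh[i] * a_sh[i] % Q for i in signers})  # v = k*a, safe to publish
        if v == 0:
            continue
        g_a = exp_recover({i: pow(G, a_sh[i], P) for i in signers})
        r = pow(g_a, pow(v, -1, Q), P) % Q  # g^{a/(k a)} = g^{1/k}
        s = recover({i: k_sh[i] * (m + x_sh[i] * r) % Q for i in signers})
        if r and s:
            return r, s

def verify(y, m, r, s):  # ordinary DSS verification, unchanged by the k <-> 1/k relabelling
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, m * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r
```

Corrupting up to t = 2 players reveals nothing about x or k (their degree-t sharings are t-private), while the degree-2t products are exactly why the abstract requires 2t + 1 collaborating signers.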
References
M. Ben-Or, S. Goldwasser, and A. Wigderson. Completeness Theorems for Noncryptographic Fault-Tolerant Distributed Computations. In Proc. 20th ACM Symp. on Theory of Computing, pages 1–10, 1988.
C. Boyd. Digital Multisignatures. In H. Baker and F. Piper, editors, Cryptography and Coding, pages 241–246. Clarendon Press, 1986.
E. Berlekamp and L. Welch. Error correction of algebraic block codes. US Patent 4,633,470.
D. Chaum, C. Crepeau, and I. Damgard. Multiparty Unconditionally Secure Protocols. In Proc. 20th ACM Symp. on Theory of Computing, pages 11–19, 1988.
D. Chaum. Zero-knowledge undeniable signatures. In Proc. EUROCRYPT 90, pages 458–464. Springer-Verlag, 1990. Lecture Notes in Computer Science No. 473.
Alfredo De Santis, Yvo Desmedt, Yair Frankel, and Moti Yung. How to share a function securely. In Proc. 26th ACM Symp. on Theory of Computing, pages 522–533, Santa Fe, 1994.
Yvo Desmedt. Society and group oriented cryptography: A new concept. In Carl Pomerance, editor, Proc. CRYPTO 87, pages 120–127. Springer-Verlag, 1988. Lecture Notes in Computer Science No. 293.
Yvo G. Desmedt, Threshold cryptography. European Transactions on Telecommunications, 5(4):449–457, July 1994.
Yvo Desmedt and Yair Frankel. Threshold cryptosystems. In G. Brassard, editor, Proc. CRYPTO 89, pages 307–315. Springer-Verlag, 1990. Lecture Notes in Computer Science No. 435.
Y. Desmedt and Y. Frankel. Shared generation of authenticators and signatures. In J. Feigenbaum, editor, Proc. CRYPTO 91, pages 457–469. Springer-Verlag, 1992. Lecture Notes in Computer Science No. 576.
T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Info. Theory, IT 31, 1985.
P. Feldman. A Practical Scheme for Non-Interactive Verifiable Secret Sharing. In Proc. 28th IEEE Symp. on Foundations of Comp. Science, pages 427–437, 1987.
Y. Frankel, P. Gemmell, and M. Yung. Witness-based cryptographic program checking and robust function sharing. To appear in Proc. STOC 96, 1996.
P. Feldman and S. Micali. An Optimal Algorithm for Synchronous Byzantine Agreement. In Proc. 20th ACM Symp. on Theory of Computing, pages 148–161, 1988.
National Institute for Standards and Technology. Digital Signature Standard (DSS). Technical Report 169, August 30 1991.
Rosario Gennaro. Theory and practice of verifiable secret sharing. Ph.D. thesis, Massachusetts Institute of Technology, to appear, 1996.
Rosario Gennaro, Stanislaw Jarecki, Hugo Krawczyk, and Tal Rabin. Robust and efficient sharing of RSA functions. Manuscript, 1996.
Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Computing, 17(2):281–308, April 1988.
S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof-systems. SIAM. J. Computing, 18(1):186–208, February 1989.
L. Harn. Group oriented (t,n) digital signature scheme. IEEE Proc. Comput. Digit. Tech., 141(5), Sept 1994.
Amir Herzberg, Markus Jakobsson, Stanislaw Jarecki, Hugo Krawczyk, and Moti Yung. Proactive public key and signature systems. Manuscript, 1995.
Amir Herzberg, Stanislaw Jarecki, Hugo Krawczyk, and Moti Yung. Proactive secret sharing, or: How to cope with perpetual leakage. In Proc. CRYPTO 95. Springer-Verlag, August 1995. Lecture Notes in Computer Science No. 963.
P. Horster, H. Petersen, and M. Michels. Meta-ElGamal signature schemes. In 2nd ACM Conference on Computer and Communications Security, pages 96–107, 1994.
S. Langford. Threshold DSS signatures without a trusted party. In Proc. CRYPTO 95, pages 397–409. Springer-Verlag, 1995. Lecture Notes in Computer Science No. 963.
S. Micali and P. Rogaway. Secure computation. In J. Feigenbaum, editor, Proc. CRYPTO 91, pages 392–404. Springer-Verlag, 1992. Lecture Notes in Computer Science No. 576.
R. McEliece and D. Sarwate. On sharing secrets and Reed-Solomon codes. Communications of the ACM, 24(9):583–584, September 1981.
K. Nyberg and R. Rueppel. Message recovery for signature schemes based on the discrete logarithm problem. In Proc. EUROCRYPT 94, pages 175–190, 1994.
T. Pedersen. Distributed provers with applications to undeniable signatures. In Proc. EUROCRYPT 91, 1991.
T. Pedersen. Non-interactive and information-theoretic secure verifiable secret sharing. In Proc. CRYPTO 91, pages 129–140, 1991.
M. Rabin. A Simplification Approach to Distributed Multiparty Computations. Personal communication, 1995.
C. P. Schnorr. Efficient signature generation by smart cards. Journal of Cryptology, 4:161–174, 1991.
A. Shamir. How to Share a Secret. Communications of the ACM, 22:612–613, 1979.
© 1996 Springer-Verlag Berlin Heidelberg
Cite this paper
Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T. (1996). Robust Threshold DSS Signatures. In: Maurer, U. (eds) Advances in Cryptology — EUROCRYPT ’96. EUROCRYPT 1996. Lecture Notes in Computer Science, vol 1070. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-68339-9_31
DOI: https://doi.org/10.1007/3-540-68339-9_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61186-8
Online ISBN: 978-3-540-68339-1