• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.2
• /
• pp.69-74
• /
• 2004

Threshold digital signature is very useful for networks that have no infrastructure such as ad hoc network Up to date, research on threshold digital signature is mainly focused on RSA and DSA. Though Schnorr's digital signature scheme is very efficient in terms of both computation and communication. its hard structure using interactive proof prevents conversion to threshold version. This paper proposes an efficient threshold signature. scheme based on the Schnorr's signature. It has a desirable property of scalability and reduces runtime costs by precomputation.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.2
• /
• pp.897-913
• /
• 2016

Threshold signature is very important in identity authentication and some other applications. In December 2010, Chinese Encryption Administration released the SM2 elliptic curve digital signature algorithm as the first standard of the digital signature algorithm in China. At present, the papers on the threshold signature scheme based on this algorithm are few. A SM2 elliptic curve threshold signature scheme without a trusted center is proposed according to the Joint-Shamir-RSS algorithm, the Joint-Shamir-ZSS algorithm, the sum or diff-SS algorithm, the Mul-SS algorithm, the Inv-SS algorithm and the PM-SS algorithm. The proposed scheme is analyzed from correctness, security and efficiency. The correctness analysis shows that the proposed scheme can realize the effective threshold signature. The security analysis shows that the proposed scheme can resist some kinds of common attacks. The efficiency analysis shows that if the same secret sharing algorithms are used to design the threshold signature schemes, the SM2 elliptic curve threshold signature scheme will be more efficient than the threshold signature scheme based on ECDSA.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.2
• /
• pp.1003-1019
• /
• 2019

Threshold ring signature scheme enables any t entities from N ring members to spontaneously generate a publicly verifiable t-out-of-N signature anonymously. The verifier is convinced that the signature is indeed generated by at least t users from the claimed group, but he cannot tell them apart. Threshold ring signatures are significant for ad-hoc groups such as mobile ad-hoc networks. Based on the lattice-based ring signature proposed by Melchor et al. at AFRICRYPT'13, this work presents a lattice-based threshold ring signature scheme, employing the technique of message block sharing proposed by Choi and Kim. Besides, in order to avoid the system parameter setup problems, we proposed a message processing technique called "pad-then-permute", to pre-process the message before blocking the message, thus making the threshold ring signature scheme more flexible. Our threshold ring signature scheme has several advantages: inherits the quantum immunity from the lattice structure; has considerably short signature and almost no signature size increase with the threshold value; provable to be correct, efficient, indistinguishable source hiding, and unforgeable.

• Journal of Electrical Engineering and information Science
• /
• v.1 no.2
• /
• pp.87-95
• /
• 1996

This paper presents a (k,n) threshold digital signature scheme with no trusted dealer. Our idea is to use the EIGamal signature scheme modified for group use. Among many digital signature schemes, our modification has a nice property for our purpose. We also show a (k.n) threshold fail stop signature scheme and two (k.n) threshold undeniable signature schemes. We use [10] as the original fail stop signature scheme, and use [3] and [2] as the original undeniable signature schemes. Since all these schemes are based on the discrete log problem, we can use the same technique.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.3
• /
• pp.109-114
• /
• 2005

On the research for constructing secure group-oriented proxy signature schemes, there are several proposals of threshold proxy signature schemes which combine the notions of proxy signature with threshold signature. Recently, Hsu and Wu proposed a threshold proxy signature scheme which uses a self-certified public key based on discrete logarithm problem. In this paper, we show that this scheme is vulnerable to original signer's forgery attack. So our attack provides the evidence that this scheme does not satisfy nonrepudiation property.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 1998.05a
• /
• pp.315-320
• /
• 1998

n명의 사용자들 중 k명 이상이 모이면 시스템의 비밀정보가 재구성 되는 시스템을 threshold cryptosystem 이라고 한다. 1979년 Adi Shamir에 의해 threshold 개념이 제안된 이래로, 그 현실적인 효용성때문에 많은 연구들이 이루어져 왔다. Threshold cryptosystem을 구성하기 위해서는 n명의 사용자들이 각자의 share를 가지고 있어서 그 중 k명 이상이 자신의 share를 밝히면 시스템의 비밀정보가 재구성된다. 그러나, 시스템의 비밀정보가 재구성 된 후에는 각 사용자들의 share를 재분배해야 한다. 이러한 특성은 반복적으로 전자서명과 같은 비밀연산을 수행해야 하는 응용에서는 비현실적이 된다. 이러한 경우에 적용시키기 위한 암호시스템이 threshold signature이다. (t, n)-threshold signature 시스템에서는 n명의 사용자들 중 k명 이상이 자신의 share를 이용한 부분서명을 수행하면 전체 시스템 서명이 생성된다. 그러나, 시스템의 비밀정보는 재구성 되지 않으므로 아무도 알 수 없고, 따라서 재분배 할 필요가 없다. 본 논문에서는 이러한 threshold signature 시스템에 대한 연구결과들을 살펴본다.

• Journal of Information Processing Systems
• /
• v.12 no.2
• /
• pp.249-262
• /
• 2016

In 2004, Yang et al. proposed a threshold proxy signature scheme that efficiently reduced the computational complexity of previous schemes. In 2009, Hu and Zhang presented some security leakages of Yang's scheme and proposed an improvement to eliminate the security leakages that had been pointed out. In this paper, we will point out that both Yang and Hu's schemes still have some security weaknesses, which cannot resist warrant attacks where an adversary can forge valid proxy signatures by changing the warrant $m_w$. We also propose two secure improvements for these schemes.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.07a
• /
• pp.37-42
• /
• 2003

Threshold signature and blind signature are playing important roles in cryptography as well as practical applications such as e-cash and e-voting systems. In this paper, we present a new threshold blind digital signature based on pairings without a trusted third party. Our scheme operates on Gap Diffie-Hellman group, where Computational Diffie-Hellman problems are hard but Decision Diffie-Hellman problems are easy. For example, we use pairings that could be built from Weil pairing or Tate pairing. To the best of our knowledge, we claim that our scheme is the first threshold blind signature using pairings with provable security in the random oracle model.

• The KIPS Transactions:PartD
• /
• v.14D no.4 s.114
• /
• pp.373-380
• /
• 2007

Ubiquitous electronic commerce can offer anytime, anywhere access to network and exchange convenient informations between individual and group, or between group and group. To use secure ubiquitous electronic commerce, it is essential for users to have digital signature with the properties of integrity and authentication. The digital signature for ubiquitous networks is required neither a trusted group manager, nor a setup procedure, nor a revocation procedure etc. because ubiquitous networks can construct or deconstruct groups anytime, anwhere as occasion demands. Therefore, this paper proposes a threshold ring signature as digital signature for secure ubiquitous electronic commerce using the ring signature without forgery (integrity) and the (n,t) ring signature solving the problem cannot prove the fact which a message is signed by other signer. Thus the proposed threshold ring signature is ubiquitous group signature for the next generation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.6
• /
• pp.81-92
• /
• 2002

In some practical circumstances, the ability of a signer should be restricted. In group signature schemes, a group member of a group may be allowed to generate signatures up to a certain number of times according to his/her position in the group. In proxy signature schemes, an original signer may want to allow a proxy signer to generate a certain number of signatures on behalf of the original signer. In the paper, we present signature schemes, called c-times signature schemes, that restrict the signing ability of a signer up to c times for pre-defined value c at set-up. The notion of c-times signature schemes are formally defined, and generic transformation from a signature scheme to a c-times signature scheme is suggested. The proposed scheme has a self-enforcement property such that if a signer generates c+1 or more signatures, his/her signature is forged. As a specific example, we present a secure c-times signature scheme $^c$DSA based on the DSA (Digital Signature Algorithm) by using a threshold scheme. Our transformation can be applied to other ElGamal-like signature schemes as well.