
Research On The Threshold Signature Scheme

Posted on: 2008-03-26
Degree: Doctor
Type: Dissertation
Country: China
Candidate: G W Li
GTID: 1118360212994794
Subject: Computer software and theory

Abstract/Summary:
With the rapid development of computers and networks, digital signatures play an important role in real life, and more and more new requirements arise. A threshold signature is a generalization of an ordinary digital signature. The difference is that an ordinary digital signature is generated by one individual, while a threshold signature is generated by several members cooperating. For example, in a (t, n) threshold signature scheme, t or more cooperating members are needed to produce a signature. In both cases, verification is carried out by a single individual. Threshold signatures are one of the main research topics of threshold cryptography.

Secret sharing is the basis of threshold cryptosystems. The main idea of threshold secret sharing is to divide the secret key into several shares and store them on multiple servers. When the secret key must be reconstructed, or a cryptographic operation involving it must be performed, the work can be completed only by no fewer than a certain number of servers. Any group of servers smaller than that number cannot compute the secret key. One important research topic is the new member enrollment protocol, which deals with how to distribute a new member's secret share correctly. An enrollment protocol must run without any trusted dealer and without reconstructing the secret. A practical enrollment protocol for new members is presented in chapter 3.

There are two problems in an ordinary secret sharing scheme. One is the honesty of the dealer: if the dealer deliberately gives a false subkey to some player, how does the player verify the subkey? The other is the honesty of the players: when a malicious player provides a false subkey, how do the other players detect it? The study of these two problems led to verifiable secret sharing.
Ordinarily, the only way for members to learn whether their shares are valid is to try to reconstruct the key; verifiable secret sharing allows members to verify that their shares are valid without reconstructing the secret. Verifiable threshold signature is studied in chapter 3.

A forward-secure signature scheme cannot guarantee the security of signatures after key exposure. To solve this problem, key-insulated signatures were put forward. A key-insulated signature has two modules: the signer and the base. The signer signs a message with the key of the current period, and computes its new key using information from the base at the end of each period. Assuming the base is secure, there is no way to compute the keys of periods after a key exposure without the help of the base, even if the intruder holds the current key. A key-insulated threshold signature scheme is proposed in chapter 3.

Shamir first presented the identity-based public key cryptosystem in 1984. In this cryptosystem, a user's public key is determined by his public identity information (such as an email or IP address), and the user's private key is generated by a private key generator. Thus any pair of users can communicate securely without exchanging public key certificates, keeping a public key directory, or using the online service of a third party. Since then, many identity-based signature schemes have been proposed. Bilinear pairings can be used to devise practical identity-based signature schemes. Identity-based threshold signature is studied in this dissertation, and all identity-based schemes in this dissertation are based on bilinear pairings.

In 1996, Mambo et al. first introduced the concept of proxy signatures. In a proxy signature scheme, an original signer is allowed to delegate his signing authority to a reliable proxy signer. The proxy signer is then able to sign on behalf of the original signer.
With the development of proxy signatures, threshold proxy signatures have also been widely studied. Threshold proxy signature is studied in chapter 4. First we analyze an identity-based threshold proxy signature scheme, and then propose a certificate-based threshold proxy signature scheme.

A blind signature allows the user to obtain a signature on a message in such a way that the signer learns neither the message nor the resulting signature. Blind signatures are frequently used in e-cash and e-voting systems. Combining threshold signature with blind signature yields threshold blind signature. Threshold blind signature is studied in chapter 5: first an identity-based blind signature scheme is proposed, then an identity-based threshold blind signature scheme is built on it.

In a threshold signature scheme, if t or more users collude, they can impersonate any other set of users to generate signatures, which implies that a malicious subgroup of users can generate signatures without taking any responsibility. To solve this problem, threshold multisignature was introduced, which combines the idea of threshold signature with the idea of multisignature. It prevents a group of malicious users from impersonating other users when generating signatures. Two threshold multisignature schemes from bilinear pairings are proposed in chapter 6.

A group signature allows a group member to sign messages anonymously on behalf of the group. However, in the case of a dispute, the identity of the signer can be revealed by the group manager. Combining group signature with threshold signature yields threshold group signature. In chapter 7, we analyze two threshold group signature schemes, propose a new one, and give an approach to convert any threshold signature into a threshold group signature.

A ring signature is considered to be a simplified group signature, which consists only of users without managers and has no group setup procedure.
It protects the anonymity of the signer, since the verifier knows that the signature comes from a member of the ring but does not know exactly who the signer is. Nor is there any way to revoke the signer's anonymity in the case of a dispute. Combining ring signature with threshold signature yields threshold ring signature. An efficient identity-based threshold ring signature scheme with provable security in the random oracle model is proposed in chapter 8.

The main work in this paper is research on the threshold signature schemes mentioned above. The main results are as follows:

We put forward a new member enrollment protocol for secret sharing schemes. A threshold number of old members can distribute a secret share to a new member without reconstructing the secret, and only the new member can obtain the secret share. Finally, we compare the proposed protocol with related work.

We analyze a threshold signature scheme without a trusted party and point out that its keys are redundant. We also propose a simplified scheme whose security is equal to that of the redundant scheme.

We improve Shoup's threshold RSA signature scheme and present a verifiable threshold RSA signature scheme using verifiable secret sharing, which solves the problem of the dealer's honesty.

To address the exposure of the secret key in ordinary threshold signatures and forward-secure threshold signatures, a key-insulated threshold signature scheme is presented. Even if the secret key is exposed in some period, the secret keys of other periods remain secure.

We analyze an identity-based threshold proxy signature scheme and point out that it is insecure and inefficient, then propose an efficient certificate-based threshold proxy signature scheme and give a security proof.

We propose a new identity-based blind signature scheme and analyze its correctness, blindness and unforgeability. We then put forward an efficient identity-based threshold blind signature scheme based on the proposed blind signature scheme.
It saves management costs because it need not manage user certificates.

To solve the collusion problem of threshold signatures, two threshold multisignature schemes from bilinear pairings are proposed, drawing on the idea of multisignature. One is certificate-based and the other is identity-based.

We analyze a threshold group signature scheme and a group signature scheme based on vector space secret sharing, point out their disadvantages, then propose a new group signature scheme based on vector space secret sharing, and finally give an approach to convert any threshold signature into a threshold group signature.

An identity-based threshold ring signature scheme is presented. It is more efficient than other schemes of this type, and a security proof in the random oracle model is given.

Our future work includes: researching how to remove the trusted party from the threshold RSA signature scheme and building an efficient threshold RSA signature scheme without a trusted party; researching more efficient threshold group signature and threshold ring signature schemes; and building provably secure threshold signature schemes in the standard model (without random oracles).
Keywords/Search Tags: threshold signature, secret sharing, threshold group signature, threshold ring signature, identity-based