Secure Computation Of Shared Secrets And Its Applications

Recent years,there has been renewed attention to threshold signature because the thresh-old version of the Elliptic Curve Digital Signature Algorithm?ECDSA?and SM2 Elliptic Curve Cryptographic Algorithm?SM2?could be used in Bitcoin and other cryptocurren-cies as the underlying digital signature scheme to protect users'private keys that promise transactions.A?,9?)threshold signature scheme means that in a set of9)parties,at leastplayers can exercise the right of signing signatures on behalf of the group,that is,at leastof players cooperation can generate a valid signature for the message8),and any less thanof players cooperation cannot generate a valid signature for the message,nor can obtain any information about the signed private key.But there still remain questions in existing threshold cryptographic systems:to ac-complish a?,9?)security threshold signature scheme,at least?2-1?players are required to sign correctly.This is inconsistent with the requirement that the threshold value of the threshold signature scheme should be fixed,and when the number of players9)is less than?2-1?,the threshold ECDSA/SM2 signature scheme will be unavailable.This problem usually results from the inversion step.The secret inverse computation means that when a group of players has shared the secret6)in the form of?,9?),each player needs to compute their own secret share of6)^-1without recovering6).Existing reciprocal com-putation protocol for shared secrets usually requires at least?2-1?,rather thanplayers,to compute their share of6)^-1jointly.In this thesis,to solve the problem,we first come up with a new multiplication pro-tocol of shared secrets.This protocol can solve the following problem:when two secretsandare distributed among9)players in?,9?)way at the same time,each player needs to compute its own share of the product of two secretswithout recoveringand,and at leastplayers can jointly recover the secret.With the proposed multiplication protocol,we improve the existing secret reciprocal computation protocol and get a reciprocal computation protocol for shared secret without increasing the threshold value so as to ensure that at leastplayers can cooperate compute their own shares of6)^-1without obtaining the secret6).After that,we propose a?,9?)threshold SM2 elliptic curve threshold signature scheme based on the two proposed protocols.Our proposed?,9?)threshold SM2 sig-nature scheme not only avoids zero-knowledge?ZK?proof but also ensures the value of the threshold is fixed.At the end of this thesis,after analyzing the correctness,secu-rity,and efficiency of the obtained?,9?)threshold SM2 signature scheme,we compare it with the?,9?)threshold ECDSA signature scheme under the same parameters.Through the analysis,we can get that the?,9?)threshold SM2 signature scheme we proposed has higher operating efficiency and faster singing process than ECDSA.