A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
Completeness theorems for non-cryptographic fault-tolerant distributed computation
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Non-cryptographic fault-tolerant computing in constant number of rounds of interaction
Proceedings of the eighth annual ACM Symposium on Principles of distributed computing
Simplified VSS and fast-track multiparty computations with applications to threshold cryptography
PODC '98 Proceedings of the seventeenth annual ACM symposium on Principles of distributed computing
Communications of the ACM
Robust threshold DSS signatures
Information and Computation
OceanStore: an architecture for global-scale persistent storage
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Awarded Best Student Paper! - Pond: The OceanStore Prototype
FAST '03 Proceedings of the 2nd USENIX Conference on File and Storage Technologies
Robust and Efficient Sharing of RSA Functions
Journal of Cryptology
A practical scheme for non-interactive verifiable secret sharing
SFCS '87 Proceedings of the 28th Annual Symposium on Foundations of Computer Science
Secure distributed key generation for discrete-log based cryptosystems
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Practical threshold signatures
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure threshold password-authenticated key exchange
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Efficient threshold RSA signatures with general moduli and no extra assumptions
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Generic on-line/off-line threshold signatures
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Divisible On-Line/Off-Line Signatures
CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Is the Notion of Divisible On-Line/Off-Line Signatures Stronger than On-Line/Off-Line Signatures?
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
Off-line/on-line signatures: theoretical aspects and experimental results
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
Short generic transformation to strongly unforgeable signature in the standard model
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Journal of Network and Computer Applications
Online/offline verification of short signatures
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Efficient multiple-collision trapdoor hash family
Security and Communication Networks
| Hi-index | 0.00 |
At PKC 2006 Crutchfield, Molnar, Turner and Wagner proposed a generic threshold version of on-line/off-line signature schemes based on the "hash-sign-switch" paradigm introduced by Shamir and Tauman. Such a paradigm strongly relies on chameleon hash functions which are collision-resistant functions, with a secret trapdoor which actually allows to find arbitrary collisions efficiently. The "hash-sign-switch" paradigm works as follows. In the off-line phase, the signer hashes and signs a random message s. When, during the on-line phase, he is given a message m to sign the signer uses its knowledge of the hash trapdoor to find a second preimage and "switches" m with the random s. As shown by Crutchfield et al. adapting this paradigm to the threshold setting is not trivial. The solution they propose introduces additional computational assumptions which turn out to be implied by the so-called one-more discrete logarithm assumption. In this paper we present an alternative solution to the problem. As in the previous result by Crutchfield et al., our construction is generic and can be based on any threshold signature scheme, combined with a chameleon hash function based on discrete log. However we show that, by appropriately modifying the chameleon function, our scheme can be proven secure based only on the traditional discrete logarithm assumption. While this produces a slight increase in the cost of the off-line phase, the efficiency of the on-line stage (the most important when optimizing signature computation) is unchanged. In other words the efficiency is essentially preserved. Finally, we show how to achieve robustness for our scheme. Compared to the work by Crutchfield et al., our main solution tolerates at most ⌈n/4⌉ (arbitrarily) malicious players instead of ⌈n/3⌉ however we stress that we do not rely on random oracles in our proofs. Moreover we briefly present a variant which can achieve robustness in the presence of ⌈n/3⌉ malicious players.