A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
Proactive public key and signature systems
Proceedings of the 4th ACM conference on Computer and communications security
Simple forward-secure signatures from any signature scheme
Proceedings of the 7th ACM conference on Computer and communications security
Communications of the ACM
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Password Authentication Using Multiple Servers
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Threshold Password-Authenticated Key Exchange
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Flaws in Applying Proof Methodologies to Signature Schemes
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
The Security of Cipher Block Chaining
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
A Simplified Approach to Threshold and Proactive RSA
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Server-Assisted Generation of a Strong Secret from a Password
WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Strong Key-Insulated Signature Schemes
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
SiBIR: Signer-Base Intrusion-Resilient Signatures
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Yaksha: augmenting Kerberos with public key cryptography
SNDSS '95 Proceedings of the 1995 Symposium on Network and Distributed System Security (SNDSS'95)
Universally Composable Security: A New Paradigm for Cryptographic Protocols
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Networked Cryptographic Devices Resilient to Capture
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
A method for fast revocation of public key certificates and security capabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
A practical scheme for non-interactive verifiable secret sharing
SFCS '87 Proceedings of the 28th Annual Symposium on Foundations of Computer Science
Robust threshold DSS signatures
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Practical threshold signatures
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
The dark side of threshold cryptography
FC'02 Proceedings of the 6th international conference on Financial cryptography
Privacy-enhancing k-anonymization of customer data
Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Threshold cryptography in P2P and MANETs: The case of access control
Computer Networks: The International Journal of Computer and Telecommunications Networking
Pairing'10 Proceedings of the 4th international conference on Pairing-based cryptography
Universally composable DKG with linear number of exponentiations
SCN'04 Proceedings of the 4th international conference on Security in Communication Networks
FC'06 Proceedings of the 10th international conference on Financial Cryptography and Data Security
Efficient cryptographic protocol design based on distributed el gamal encryption
ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology
Multiparty computation with low communication, computation and interaction via threshold FHE
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Improving Helios with everlasting privacy towards the public
EVT/WOTE'12 Proceedings of the 2012 international conference on Electronic Voting Technology/Workshop on Trustworthy Elections
Distributed ElGamal à la Pedersen: Application to Helios
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
| Hi-index | 0.00 |
Secrecy of private signing keys is one of the most important issues in secure electronic commerce. A promising solution to this problem is to distribute the signing function among multiple parties. However, a threshold signature scheme typically assumes that the shared signing function can only be activated by a quorum number of parties, which is inappropriate in settings where a user employs some public servers for a threshold protection of her private signing function (therefore the name "server-assisted threshold signatures"). In this paper we present two efficient and provably secure schemes for server-assisted threshold signatures, where the signing function is activated by a user (but in certain enhanced way). The first one (we call TPAKE-HTSig) is tailored for the setting where a user has a networked device that is powerful enough to efficiently compute modular exponentiations. The second one (we call LW-TSig) is tailored for the setting where a user has a smart card without a cryptographic co-processor. Modular construction of the schemes ensures that any module can be substituted without weakening security of the resultant scheme, as long as the substitutive one satisfies certain security requirement. In addition to the two schemes, we also present a taxonomy of systems protecting private signing functions.