Abstract
Secrecy of private signing keys is one of the most important issues in secure electronic commerce. A promising solution to this problem is to distribute the signing function among multiple parties. However, a threshold signature scheme typically assumes that the shared signing function can be activated by any quorum of the share-holding parties. This is inappropriate in settings where a user employs public servers to protect her private signing function, since a quorum of the servers alone should not be able to sign on her behalf (hence the name "server-assisted threshold signatures").
In this paper we present two efficient and provably secure schemes for server-assisted threshold signatures, in which the signing function is activated by the user (in a certain enhanced way). The first, TPAKE-HTSig, is tailored to the setting where the user has a networked device powerful enough to compute modular exponentiations efficiently. The second, LW-TSig, is tailored to the setting where the user has a smart card without a cryptographic co-processor. The modular construction of the schemes ensures that any module can be substituted without weakening the security of the resulting scheme, as long as the substitute satisfies a certain security requirement. In addition to the two schemes, we also present a taxonomy of systems protecting private signing functions.
Work mostly done while at the Laboratory for Information Security Technology, George Mason University.
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Xu, S., Sandhu, R. (2003). Two Efficient and Provably Secure Schemes for Server-Assisted Threshold Signatures. In: Joye, M. (eds) Topics in Cryptology — CT-RSA 2003. CT-RSA 2003. Lecture Notes in Computer Science, vol 2612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36563-X_25
Print ISBN: 978-3-540-00847-7
Online ISBN: 978-3-540-36563-1