Fully distributed identity-based threshold signatures with identifiable aborts  

作　　者：Yan JIANG Youwen ZHU Jian WANG Xingxin LI 

机构地区：[1]College of Computer Science and Technology,Nanjing University of Aeronautics and Astronautics,Nanjing 211106,China [2]State Key Laboratory of Integrated Services Networks(Xidian University),Xi’an 710071,China [3]Guangxi Key Laboratory of Trusted Software,Guilin University of Electronic Technology,Guilin 541004,China [4]Department of Mathematical Informatics,University of Tokyo,Tokyo 113-8654,Japan

出　　处：《Frontiers of Computer Science》2023年第5期179-195,共17页中国计算机科学前沿（英文版）

基　　金：support by the National Key R&D Program of China(No.2021YFB3100400);the National Natural Science Foundation of China(Grant Nos.62172216,U20A201092);the Jiangsu Provincial Key Research and Development Program(Nos.BE2022068,BE2022068-2);the Key R&D Program of Guangdong Province(No.2020B0101090002);the Natural Science Foundation of Jiangsu Province(No.BK20211180);the Research Fund of Guangxi Key Laboratory of Trusted Software(No.KX202034);the Research Fund of State Key Laboratory of Integrated Services Networks(Xidian University)(No.ISN23-20);the Fund of Prospective Layout of Scientific Research for NUAA(Nanjing University of Aeronautics and Astronautics);JSPS Postdoctoral Fellowships(No.P21073).

摘　　要：Identity-based threshold signature(IDTS)is a forceful primitive to protect identity and data privacy,in which parties can collaboratively sign a given message as a signer without reconstructing a signing key.Nevertheless,most IDTS schemes rely on a trusted key generation center(KGC).Recently,some IDTS schemes can achieve escrow-free security against corrupted KGC,but all of them are vulnerable to denial-of-service attacks in the dishonest majority setting,where cheaters may force the protocol to abort without providing any feedback.In this work,we present a fully decentralized IDTS scheme to resist corrupted KGC and denialof-service attacks.To this end,we design threshold protocols to achieve distributed key generation,private key extraction,and signing generation which can withstand the collusion between KGCs and signers,and then we propose an identification mechanism that can detect the identity of cheaters during key generation,private key extraction and signing generation.Finally,we formally prove that the proposed scheme is threshold unforgeability against chosen message attacks.The experimental results show that the computation time of both key generation and signing generation is<1 s,and private key extraction is about 3 s,which is practical in the distributed environment.

关 键 词：threshold signatures single points of failure identifiable aborts 

分 类 号：TN9[电子电信—信息与通信工程]