Frontiers of Computer Science

ISSN 2095-2228

ISSN 2095-2236(Online)

CN 10-1014/TP

Postal Subscription Code 80-970

2018 Impact Factor: 1.129

Front. Comput. Sci.    2023, Vol. 17 Issue (5) : 175813    https://doi.org/10.1007/s11704-022-2370-4
RESEARCH ARTICLE
Fully distributed identity-based threshold signatures with identifiable aborts
Yan JIANG1,2, Youwen ZHU1,2,3(), Jian WANG1, Xingxin LI4
1. College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China
2. State Key Laboratory of Integrated Services Networks (Xidian University), Xi’an 710071, China
3. Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin 541004, China
4. Department of Mathematical Informatics, University of Tokyo, Tokyo 113-8654, Japan
Abstract

Identity-based threshold signature (IDTS) is a powerful primitive for protecting identity and data privacy: a set of parties collaboratively sign a given message on behalf of a signer without ever reconstructing the signing key. Nevertheless, most IDTS schemes rely on a trusted key generation center (KGC). Recently, some IDTS schemes have achieved escrow-free security against a corrupted KGC, but all of them are vulnerable to denial-of-service attacks in the dishonest-majority setting, where cheaters can force the protocol to abort without leaving any evidence of who misbehaved. In this work, we present a fully decentralized IDTS scheme that resists both a corrupted KGC and such denial-of-service attacks. To this end, we design threshold protocols for distributed key generation, private key extraction, and signature generation that withstand collusion between KGCs and signers, and we propose an identification mechanism that detects the identity of cheaters during key generation, private key extraction, and signature generation. Finally, we formally prove that the proposed scheme is threshold-unforgeable against chosen-message attacks. Experimental results show that the computation time of both key generation and signature generation is under 1 s, and that of private key extraction is about 3 s, which is practical in a distributed environment.

Keywords: threshold signatures; single points of failure; identifiable aborts
Corresponding Author(s): Youwen ZHU   
Just Accepted Date: 08 November 2022   Issue Date: 16 February 2023
 Cite this article:   
Yan JIANG,Youwen ZHU,Jian WANG, et al. Fully distributed identity-based threshold signatures with identifiable aborts[J]. Front. Comput. Sci., 2023, 17(5): 175813.
 URL:  
https://academic.hep.com.cn/fcs/EN/10.1007/s11704-022-2370-4
https://academic.hep.com.cn/fcs/EN/Y2023/V17/I5/175813
Fig.1  The generic diagram of identity-based signatures
Scheme Primitive F1 F2 F3 F4 F5
[19] IDC × × × ×
[20] IDC × ×
[21] IDC × ×
[22] IDC × × × ×
[23] IDC × × × ×
[24] IDC × ×
[25] IDC × × × ×
[26] IDC × × × ×
[27] IDC × × × ×
[28] IDC × × × × ×
[29] IDC × × × ×
[31] PKI ?
[32] PKI ?
This work IDC
Tab.1  Comparison with the existing protocols
Notation        Description
p, q            Two large primes
Z_q*            A group of prime order q
G_1, G_2, G_T   Three cyclic groups of order q
e               A bilinear pairing e: G_1 × G_2 → G_T
P, Q            Generators of G_1 and G_2, respectively
H_i             Secure hash functions
ID_i            Identity of user i
KGC_i           The ith KGC
P_i             The ith signer of a user
k, t            Two security thresholds
[x]             The set {1, ..., x}
s_i             The additive share of the master key s
δ_i             The additive share of the private key d_ID
Tab.2  Notations in the protocol
Fig.2  The framework of our protocol
Fig.3  Threshold Setup protocol
Fig.4  Threshold private key extraction protocol
Fig.5  Threshold signature generation protocol
Fig.6  Total costs for each party of the protocol growth with k, L, t and n. (a) T-Setup time growth with L and k; (b) T-Setup communication growth with L and k; (c) T-Extract time growth with k in different settings of (n, t); (d) T-Extract communication growth with k in different settings of (n, t); (e) T-Extract time growth with t in different settings of (n = 10, k); (f) T-Extract time growth with t in different settings of (n = 20, k); (g) T-Extract communication growth with t in different settings of (n = 10, k); (h) T-Extract communication growth with t in different settings of (n = 20, k); (i) T-Extract time growth with n in different settings of (t/n = 1/2, k); (j) T-Extract time growth with n in different settings of (t/n = 1, k); (k) T-Extract communication growth with n in different settings of (t/n = 1/2, k); (l) T-Extract communication growth with n in different settings of (t/n = 1, k); (m) T-Sign time growth with t; (n) T-Sign communication growth with t
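The abstract and the captions of Figs. 3–5 describe the idea behind identifiable aborts without giving the protocol itself: every dealt share and every partial signature is checked against public commitments, so the party that misbehaves is named instead of the run failing anonymously. The following is an added illustration written for this page, not the authors' code and not their pairing-based IDTS protocol. It substitutes a Schnorr-style signature over a small Schnorr group (toy parameters p = 1019, q = 509, g = 4, chosen here and far too small for real use), keeps the paper's model of additive master-key shares s_i, and uses Feldman VSS [34] and Fiat–Shamir challenges [38] for the checks. The cheating behaviour (an inconsistent share, a corrupted partial signature) is simulated by the `bad_dealers` and `bad_signers` parameters, which are this example's own.

```python
"""Identifiable aborts in a threshold signature: a runnable illustration.

This is NOT the paper's pairing-based IDTS protocol.  It is a Schnorr-style
stand-in over a Schnorr group (an assumption made for this example) that
exercises the one mechanism the abstract relies on: every dealt share and
every partial signature is checked against public commitments, so a
misbehaving party is named instead of forcing an anonymous abort.
"""
import hashlib
import secrets

# Constructed toy parameters (far too small for real use): p = 2q + 1 is a
# safe prime and g = 4 generates the order-q subgroup of Z_p^*.
P, Q, G = 1019, 509, 4


def challenge(*parts: int) -> int:
    """Fiat-Shamir: hash the public transcript into Z_q."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def feldman_deal(secret: int, t: int, n: int):
    """Party i backs up its additive share s_i with Feldman VSS: a random
    degree-(t-1) polynomial f with f(0) = s_i, shares f(j) for j = 1..n and
    public commitments A_k = g^{a_k} to the coefficients."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    shares = {j: sum(a * pow(j, k, Q) for k, a in enumerate(coeffs)) % Q
              for j in range(1, n + 1)}
    commits = [pow(G, a, P) for a in coeffs]
    return shares, commits


def feldman_check(j: int, share: int, commits: list) -> bool:
    """Receiver j checks g^{f(j)} == prod_k A_k^{j^k}.  Only public values are
    involved, so a failing share is evidence any third party can re-verify."""
    expected = 1
    for k, a_k in enumerate(commits):
        expected = expected * pow(a_k, pow(j, k, Q), P) % P
    return pow(G, share, P) == expected


def keygen(n: int, t: int, bad_dealers=()):
    """Distributed key generation with additive shares: s = sum_i s_i, Y = g^s.
    Returns (Y, {i: s_i}, {i: Y_i}, complaints [(accuser j, dealer i)]).
    Dealers listed in `bad_dealers` send party 1 an inconsistent share to
    simulate a cheat; the Feldman check then names them."""
    s = {i: secrets.randbelow(Q) for i in range(1, n + 1)}
    Y = {i: pow(G, s_i, P) for i, s_i in s.items()}
    complaints = []
    for i, s_i in s.items():
        shares, commits = feldman_deal(s_i, t, n)
        if i in bad_dealers:
            shares[1] = (shares[1] + 1) % Q
        for j, share in shares.items():
            if j != i and not feldman_check(j, share, commits):
                complaints.append((j, i))
    pub = 1
    for y in Y.values():
        pub = pub * y % P
    return pub, s, Y, complaints


def sign(msg: bytes, pub: int, s: dict, Y: dict, bad_signers=()):
    """Each party i publishes R_i = g^{k_i}, then z_i = k_i + c*s_i mod q.
    The combiner checks g^{z_i} == R_i * Y_i^c for every i, so a corrupted
    partial is attributed to its sender.  Returns ((R, z) or None, cheaters)."""
    m = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    k = {i: 1 + secrets.randbelow(Q - 1) for i in s}
    R_i = {i: pow(G, k_i, P) for i, k_i in k.items()}
    R = 1
    for r in R_i.values():
        R = R * r % P
    c = challenge(R, pub, m)
    z, cheaters = 0, []
    for i, s_i in s.items():
        z_i = (k[i] + c * s_i) % Q
        if i in bad_signers:
            z_i = (z_i + 7) % Q                    # simulated corrupted partial
        if pow(G, z_i, P) != R_i[i] * pow(Y[i], c, P) % P:
            cheaters.append(i)                     # identifiable abort
        z = (z + z_i) % Q
    if cheaters:
        return None, cheaters
    return (R, z), []


def verify(msg: bytes, pub: int, sig) -> bool:
    """Plain Schnorr verification: g^z == R * Y^c."""
    R, z = sig
    m = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return pow(G, z, P) == R * pow(pub, challenge(R, pub, m), P) % P


if __name__ == "__main__":
    pub, s, Y, complaints = keygen(n=4, t=3, bad_dealers=(3,))
    print("complaints (accuser, dealer):", complaints)        # [(1, 3)]
    sig, cheaters = sign(b"pay 1 BTC", pub, s, Y, bad_signers=(2,))
    print("signing aborted, cheaters:", cheaters)             # [2]
    sig, cheaters = sign(b"pay 1 BTC", pub, s, Y)
    print("honest run verifies:", verify(b"pay 1 BTC", pub, sig))  # True
```

The point to take from the two checks is that both rest on values every party already holds (the Feldman commitments and the per-party public keys Y_i and nonce commitments R_i), so an accusation can be re-verified by anyone and a cheater cannot shift blame onto an honest party. In the paper's pairing setting the same role is played by checks in G_1, G_2 and G_T on the shares of s and of d_ID; the group and signature equation differ, the accountability argument does not.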
1 Working Group on E-CNY Research and Development of the People's Bank of China. Progress of research & development of E-CNY in China. en.wikisource.org/wiki/Progress_on_Research_and_Development_of_E-CNY_in_China, 2021
2 S Nakamoto. Bitcoin: a peer-to-peer electronic cash system. bitcoin.org/bitcoin, 2009
3 Y H Mu, H X Xu, P L Li, T J Ma. Secure two-party SM9 signing. Science China Information Sciences, 2020, 63(8): 189101
4 H Yin, Z Qin, J Zhang, L Ou, F Li, K Li. Secure conjunctive multi-keyword ranked search over encrypted cloud data for multiple data owners. Future Generation Computer Systems, 2019, 100: 689–700
5 F Song, Z Qin, D Liu, J Zhang, X Lin, X Shen. Privacy-preserving task matching with threshold similarity search via vehicular crowdsourcing. IEEE Transactions on Vehicular Technology, 2021, 70(7): 7161–7175
6 Y Lindell. Fast secure two-party ECDSA signing. In: Proceedings of the 37th Annual International Cryptology Conference. 2017, 613–644
7 L Ou, H Yin, Z Qin, S Xiao, G Yang, Y Hu. An efficient and privacy-preserving multiuser cloud-based LBS query scheme. Security and Communication Networks, 2018, 2018: 4724815
8 L T A N Brandão, M Davidson, A Vassilev. NIST roadmap toward criteria for threshold schemes for cryptographic primitives. csrc.nist.gov/publications/detail/nistir/8214a/final, 2020
9 R Gennaro, S Jarecki, H Krawczyk, T Rabin. Robust threshold DSS signatures. In: Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques. 1996, 354–371
10 P MacKenzie, M K Reiter. Two-party generation of DSA signatures. In: Proceedings of the 21st Annual International Cryptology Conference. 2001, 137–154
11 A Kate, I Goldberg. Distributed private-key generators for identity-based cryptography. In: Proceedings of the 7th International Conference on Security and Cryptography for Networks. 2010, 436–453
12 D Boneh, M Franklin. Identity-based encryption from the Weil pairing. In: Proceedings of the 21st Annual International Cryptology Conference. 2001, 213–229
13 R Gennaro, S Jarecki, H Krawczyk, T Rabin. Secure distributed key generation for discrete-log based cryptosystems. In: Proceedings of the 17th International Conference on the Theory and Application of Cryptographic Techniques. 1999, 295–310
14 F Hess. Efficient identity based signature schemes based on pairings. In: Proceedings of the 9th Annual International Workshop on Selected Areas in Cryptography. 2002, 310–324
15 J C Cha, J H Cheon. An identity-based signature from gap Diffie-Hellman groups. In: Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography. 2003, 18–30
16 K G Paterson, J C N Schuldt. Efficient identity-based signatures secure in the standard model. In: Proceedings of the 11th Australasian Conference on Information Security and Privacy. 2006, 207–222
17 P S L M Barreto, B Libert, N McCullagh, J J Quisquater. Efficient and provably-secure identity-based signatures and signcryption from bilinear maps. In: Proceedings of the 11th International Conference on the Theory and Application of Cryptology and Information Security. 2005, 515–532
18 Y Ishai, R Ostrovsky, V Zikas. Secure multi-party computation with identifiable abort. In: Proceedings of the 34th Annual Cryptology Conference on Advances in Cryptology. 2014, 369–386
19 J Baek, Y Zheng. Identity-based threshold signature scheme from the bilinear pairings. In: Proceedings of International Conference on Information Technology: Coding and Computing. 2004, 124–128
20 X Chen, F Zhang, D M Konidala, K Kim. New ID-based threshold signature scheme from bilinear pairings. In: Proceedings of the 5th International Conference on Cryptology in India. 2004, 371–383
21 J Shao, Z Cao, L Wang. Efficient ID-based threshold signature schemes without pairings. eprint.iacr.org, 2006
22 W Gao, G Wang, X Wang, Z Yang. One-round ID-based threshold signature scheme from bilinear pairings. Informatica, 2009, 20(4): 461–476
23 H Xiong, F Li, Z Qin. Provably secure identity based threshold signature without random oracles. International Journal of Computers and Applications, 2009, 31(4): 290–295
24 H Xiong, Z Qin, F Li. Identity-based threshold signature secure in the standard model. International Journal of Network Security, 2010, 10(1): 75–80
25 F Li, W Gao, G L Wang, K F Chen, X L Wang. Efficient identity-based threshold signature scheme from bilinear pairings in standard model. International Journal of Internet Protocol Technology, 2014, 8(2–3): 2–3
26 Y Zhang, D He, S Zeadally, D Wang, K K R Choo. Efficient and provably secure distributed signing protocol for mobile devices in wireless networks. IEEE Internet of Things Journal, 2018, 5(6): 5271–5280
27 D He, Y Zhang, D Wang, K K R Choo. Secure and efficient two-party signing protocol for the identity-based signature scheme in the IEEE P1363 standard for public key cryptography. IEEE Transactions on Dependable and Secure Computing, 2020, 17(5): 1124–1132
28 Q Feng, D He, H Wang, D Wang, X Huang. Multi-party key generation protocol for the identity-based signature scheme in the IEEE P1363 standard for public key cryptography. IET Information Security, 2020, 14(6): 724–732
29 Q Feng, D He, Z Liu, D Wang, K K R Choo. Distributed signing protocol for IEEE P1363-compliant identity-based signature scheme. IET Information Security, 2020, 14(4): 443–451
30 Y G Desmedt. Threshold cryptography. European Transactions on Telecommunications, 1994, 5(4): 449–458
31 R Gennaro, S Goldfeder. One round threshold ECDSA with identifiable abort. eprint.iacr.org, 2020
32 R Canetti, R Gennaro, S Goldfeder, N Makriyannis, U Peled. UC non-interactive, proactive, threshold ECDSA with identifiable aborts. In: Proceedings of 2020 ACM SIGSAC Conference on Computer and Communications Security. 2020, 1769–1787
33 F Zhang, J Zhang. Efficient and information-theoretical secure verifiable secret sharing over bilinear groups. Chinese Journal of Electronics, 2014, 23(1): 13–17
34 P Feldman. A practical scheme for non-interactive verifiable secret sharing. In: Proceedings of the 28th Annual Symposium on Foundations of Computer Science. 1987, 427–438
35 R Gennaro, S Goldfeder. Fast multiparty threshold ECDSA with fast trustless setup. In: Proceedings of 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018, 1179–1194
36 P Paillier. Public-key cryptosystems based on composite degree residuosity classes. In: Proceedings of International Conference on the Theory and Application of Cryptographic Techniques. 1999, 223–238
37 R Gennaro, S Goldfeder, B Ithurburn. Fully distributed group signatures. orbs.com/white-papers/fully-distributed-group-signatures/, 2019
38 A Fiat, A Shamir. How to prove yourself: practical solutions to identification and signature problems. In: Proceedings of Annual International Cryptology Conference. 1986, 186–194
39 C P Schnorr. Efficient signature generation by smart cards. Journal of Cryptology, 1991, 4(3): 161–174
40 S Goldberg, L Reyzin, O Sagga, F Baldimtsi. Efficient noninteractive certification of RSA moduli and beyond. In: Proceedings of the 25th International Conference on the Theory and Application of Cryptology and Information Security. 2019, 700–727
41 Y Lindell, A Nof. Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody. In: Proceedings of 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018, 1837–1854
42 G Castagnos, D Catalano, F Laguillaumie, F Savasta, I Tucker. Bandwidth-efficient threshold EC-DSA revisited: online/offline extensions, identifiable aborts, proactive and adaptive security. Theoretical Computer Science, 2022, doi: