Paper 2000/031

Forward Security in Threshold Signature Schemes

Michel Abdalla, Sara Miner, and Chanathip Namprempre

Abstract

We consider the usage of forward security with threshold signature schemes. This means that even if more than the threshold number of players are compromised, some security remains: it is not possible to forge signatures relating to the past. In this paper, we describe the first forward-secure threshold signature schemes whose parameters (other than signing or verifying time) do not vary in length with the number of time periods in the scheme. Both are threshold versions of the Bellare-Miner forward-secure signature scheme, which is Fiat-Shamir-based. One scheme uses multiplicative secret sharing, and tolerates mobile eavesdropping adversaries. The second scheme is based on polynomial secret sharing, and we prove it forward-secure based on the security of the Bellare-Miner scheme. We then sketch modifications which would allow this scheme to tolerate malicious adversaries. Finally, we give several general constructions which add forward security to any existing threshold scheme.

Metadata
Available format(s)
PDF PS
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
threshold cryptographyforward security
Contact author(s)
cnamprem @ cs ucsd edu
History
2000-06-16: received
Short URL
https://ia.cr/2000/031
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2000/031,
      author = {Michel Abdalla and Sara Miner and Chanathip Namprempre},
      title = {Forward Security in Threshold Signature Schemes},
      howpublished = {Cryptology ePrint Archive, Paper 2000/031},
      year = {2000},
      note = {\url{https://eprint.iacr.org/2000/031}},
      url = {https://eprint.iacr.org/2000/031}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.