Practical Distributed Signatures in the Standard Model

  • Yujue Wang
  • Duncan S. Wong
  • Qianhong Wu
  • Sherman S. M. Chow
  • Bo Qin
  • Jianwei Liu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8366)


A distributed signature scheme allows participants in a qualified set to jointly generate a signature that cannot be forged even when all the unqualified participants collude. In this paper, we propose an efficient scheme for any monotone access structure and show its unforgeability and robustness under the computational Diffie-Hellman (CDH) assumption in the standard model. For 112-bit security, its secret key shares and signature fragments are as short as 255 bits and 510 bits, respectively, which are shorter than those of existing schemes that assume random oracles. We then propose two extensions. The first one allows new participants to dynamically join the system without any help from the dealer. The second one supports a type of multipartite access structure, where the participant set is divided into multiple disjoint groups, and each group is bounded so that a distributed signature cannot be generated unless a pre-defined number of participants from multiple groups work together.


Keywords: Distributed signature, threshold signature, secret sharing, monotone span program, multipartite access structure, standard model





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Yujue Wang (1, 2)
  • Duncan S. Wong (2)
  • Qianhong Wu (3)
  • Sherman S. M. Chow (4)
  • Bo Qin (5)
  • Jianwei Liu (3)

  1. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Computer, Wuhan University, China
  2. Department of Computer Science, City University of Hong Kong, Hong Kong, China
  3. School of Electronics and Information Engineering, Beihang University, China
  4. Department of Information Engineering, Chinese University of Hong Kong, Hong Kong, China
  5. School of Information, Renmin University of China, Beijing, China
