Threshold Fail-Stop Signature Schemes Based on Discrete Logarithm and Factorization

  • Rei Safavi-Naini
  • Willy Susilo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1975)


Security of ordinary digital signature schemes relies on a computational assumption. Fail-Stop Signature (FSS) schemes provide security for a sender against a forger with unlimited computational power by enabling the sender to provide a proof of forgery, if it occurs. In this paper, first we propose a new FSS scheme whose security is based on discrete logarithm modulo a composite number, and integer factorization. We provide a security proof of the scheme, and show that it is as efficient as the most efficient previously known FSS scheme. Next, we construct a Threshold FSS that requires collaboration of t out of n participants to generate a signature and to prove forgery if it occurs. The scheme is equipped with cheater detection (incorrect partial signature) which is essential for an effective proof of forgery in Threshold FSS and only requires trusted authority during pre-key generation.


Signature Scheme Discrete Logarithm Security Parameter Discrete Logarithm Problem Digital Signature Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    N. Barić and B. Pfitzmann. Collision-Free Accumulators and Fail-Stop Signature Schemes without Trees. Advances in Cryptology-Eurocrypt’ 97, Lecture Notes in Computer Science 1233, pages 480–494, 1997.Google Scholar
  2. 2.
    D. Boneh and M. Franklin. Efficient generation of shared RSA keys. Advances in Cryptology-Crypto’ 97, Lecture Notes in Computer Science 1294, pages 425–439, 1997.CrossRefGoogle Scholar
  3. 3.
    C. Boyd. Digital multisignatures. Cryptography and Coding, ed. H. Beker and F. Piper, Clarendon Press, Oxford, pages 241–246, 1989.Google Scholar
  4. 4.
    D. Chaum, E. van Heijst, and B. Pfitzmann. Cryptographically strong undeniable signatures, unconditionally secure for the signer. Interner Bericht, Fakultät für Informatik, 1/91, 1990.Google Scholar
  5. 5.
    R. Croft and S. Harris. Public-key cryptography and reusable shared secrets. Cryptography and Coding, pages 189–201, 1989.Google Scholar
  6. 6.
    Y. Desmedt. Society and group oriented cryptography: A new concept. Advances in Cryptology-Crypto’ 87, Lecture Notes in Computer Science 293, pages 120–127, 1987.Google Scholar
  7. 7.
    W. Diffie and M. Hellman. New directions in cryptography. IEEE IT, 22:644–654, 1976.zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    N. Gilboa. Two party RSA key generation. Advances in Cryptology-Crypto’ 99, Lecture Notes in Computer Science, pages 116–129, 1999.Google Scholar
  9. 9.
    M. Girault. An Identity-based Identification Scheme based on Discrete Logarithms modulo a Composite Number. Advances in Cryptology-Eurocrypt’ 90, Lecture Notes in Computer Science 437, pages 63–71, 1991.Google Scholar
  10. 10.
    S. Goldwasser, S. Micali, and R. L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal of Computing, 17:281–308, 1998.CrossRefMathSciNetGoogle Scholar
  11. 11.
    L. Harn. Group-oriented (t, n) threshold digital signature scheme and digital multisignature. IEE Proc.-Comput. Digit. Tech., 141(5):307–313, September 1994.zbMATHCrossRefGoogle Scholar
  12. 12.
    L. Lamport. Constructing digital signatures from a one-way function. PSRI International CSL-98, 1979.Google Scholar
  13. 13.
    A. Lenstra and E. Verheul. Selecting cryptographic key sizes. online: Extended abstract appeared in Commercial Applications, Price Waterhouse Coopers, CCE Quarterly Journals, 3:3–9, 1999.Google Scholar
  14. 14.
    T. P. Pedersen and B. Pfitzmann. Fail-stop signatures. SIAM Journal on Computing, 26/2:291–330, 1997.zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    B. Pfitzmann. Fail-stop signatures: Principles and applications. Proc. Compsec’ 91, 8th world conference on computer security, audit and control, pages 125–134, 1991.Google Scholar
  16. 16.
    B. Pfitzmann. Fail-stop signatures without trees. Hildesheimer Informatik-Berichte, Institut für Informatik, 16/94, 1994.Google Scholar
  17. 17.
    B. Pfitzmann. Digital Signature Schemes-General Framework and Fail-Stop Signatures. Lecture Notes in Computer Science 1100, Springer-Verlag, 1996.zbMATHGoogle Scholar
  18. 18.
    B. Pfitzmann and M. Waidner. Formal aspects of fail-stop signatures. Interner Bericht, Fakultät für Informatik, 22/90, 1990.Google Scholar
  19. 19.
    W. Susilo, R. Safavi-Naini, and J. Pieprzyk. Fail-stop threshold signature schemes based on elliptic curve. Information Security and Privacy, ACISP’ 99, Lecture Notes in Computer Science 1587, pages 103–116, 1999.CrossRefGoogle Scholar
  20. 20.
    E. van Heijst and T. Pedersen. How to make efficient fail-stop signatures. Advances in Cryptology-Eurocrypt’ 92, pages 337–346, 1992.Google Scholar
  21. 21.
    E. van Heijst, T. Pedersen, and B. Pfitzmann. New constructions of fail-stop signatures and lower bounds. Advances in Cryptology-Crypto’ 92, Lecture Notes in Computer Science 740, pages 15–30, 1993.Google Scholar
  22. 22.
    M. Waidner and B. Pfitzmann. The dining cryptographers in the disco: Unconditional sender and recipient untraceability with computationally secure serviceability. Advances in Cryptology-Eurocrypt’ 89, Lecture Notes in Computer Science 434, 1990.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Rei Safavi-Naini
    • 1
  • Willy Susilo
    • 1
  1. 1.Centre for Computer Security Research School of Information Technology and Computer ScienceUniversity of WollongongWollongongAUSTRALIA

Personalised recommendations