Homomorphisms of Secret Sharing Schemes: A Tool for Verifiable Signature Sharing

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1070)


Franklin and Reiter introduced verifiable signature sharing at Eurocrypt ’95, a primitive for a fault-tolerant distribution of signature verification. They proposed various practical protocols. For RSA signatures with exponent e = 3 and n processors, their protocol allows for up to (n − 1)/5 faulty processors (in general (n − 1)/(2 + e)).

We consider a new unifying approach which uses homomorphisms of secret sharing schemes, and present a verifiable signature sharing scheme for which as many as (n − 1)/3 processors can be faulty (for any value of e), and for which the number of interactions is reduced.




  1. J.C. Benaloh: Secret sharing homomorphisms: Keeping shares of a secret secret. In: A. Odlyzko (ed.): Advances in Cryptology, Proc. of Crypto ’86. Lecture Notes in Computer Science 263. Berlin: Springer 1987, pp. 251–260
  2. M. Ben-Or, S. Goldwasser, A. Wigderson: Completeness theorems for non-cryptographic fault-tolerant distributed computation. Proceedings of the twentieth annual ACM Symp. Theory of Computing, STOC, 1988, pp. 1–10
  3. G. R. Blakley: Safeguarding cryptographic keys. In: Proc. Nat. Computer Conf. AFIPS Conf. Proc., 48, 1979, pp. 313–317
  4. D. Chaum, C. Crépeau and I. Damgård: Multiparty unconditionally secure protocols. Proceedings of the twentieth annual ACM Symp. Theory of Computing, STOC, 1988, pp. 11–19
  5. Y. Desmedt, G. Di Crescenzo, and M. Burmester: Multiplicative non-abelian sharing schemes and their application to threshold cryptography. In: J. Pieprzyk, R. Safavi-Naini (eds.): Advances in Cryptology — Asiacrypt ’94. Lecture Notes in Computer Science 917. Berlin: Springer 1995, pp. 21–32
  6. A. De Santis, Y. Desmedt, Y. Frankel, and M. Yung: How to share a function securely. In: Proceedings of the twenty-sixth annual ACM Symp. Theory of Computing (STOC), 1994, pp. 522–533. Full paper in preparation.
  7. Y. G. Desmedt: Threshold cryptography. European Trans. on Telecommunications, 5(4), pp. 449–457 (1994)
  8. Y. G. Desmedt, Y. Frankel: Homomorphic zero-knowledge threshold schemes over any finite abelian group. SIAM Journal on Discrete Mathematics, 7(4), 667–679 (1994)
  9. M. De Soete, J-J. Quisquater, and K. Vedder: A signature with shared verification scheme. In: G. Brassard (ed.): Advances in Cryptology — Crypto ’89. Lecture Notes in Computer Science 435. Berlin: Springer 1990, pp. 253–262
  10. M. K. Franklin and M. K. Reiter: Verifiable signature sharing. In: L.C. Guillou, J.J. Quisquater (eds.): Advances in Cryptology — Eurocrypt ’95. Lecture Notes in Computer Science 921. Berlin: Springer 1995, pp. 50–63
  11. M. K. Franklin and M. K. Reiter: The design and implementation of a secure auction service. IEEE Symposium on Security and Privacy. Oakland CA, 1995
  12. M. K. Franklin and M. K. Reiter: A linear protocol failure for RSA with exponent three. Presented at the Rump session of Crypto ’95, Santa Barbara, California, USA, August 27–31, 1995.
  13. Z. Galil, S. Haber, and M. Yung: Minimum-knowledge interactive proofs for decision problems. SIAM J. Comput., 18(4), 711–739 (1989)
  14. O. Goldreich, S. Micali and A. Wigderson: How to play any mental game. Proceedings of the Nineteenth annual ACM Symp. Theory of Computing, STOC, 1987, pp. 218–229
  15. S. Goldwasser, S. Micali, and C. Rackoff: The knowledge complexity of interactive proof systems. SIAM J. Comput., 18(1), 186–208 (1989)
  16. L. Harn: Digital signature with (t,n) shared verification based on discrete logarithms. Electronics Letters, 29(24), 2094–2095 (1993)
  17. N. Jacobson: Basic Algebra I. W. H. Freeman and Company, New York (1985)
  18. T. P. Pedersen: Distributed provers with applications to undeniable signatures. In: D.W. Davies (ed.): Advances in Cryptology — Eurocrypt ’91. Lecture Notes in Computer Science 547. Berlin: Springer 1991, pp. 221–242
  19. A. Shamir: How to share a secret. Commun. ACM, 22, 612–613 (1979)

Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  1. Information Security Group, Department of Mathematics, Royal Holloway, University of London, Egham, Surrey, UK
