Threshold RSA for Dynamic and Ad-Hoc Groups

  • Rosario Gennaro
  • Shai Halevi
  • Hugo Krawczyk
  • Tal Rabin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4965)


We consider the use of threshold signatures in ad-hoc and dynamic groups such as MANETs (“mobile ad-hoc networks”). While the known threshold RSA signature schemes have several properties that make them good candidates for deployment in these scenarios, none of these schemes seems practical enough for realistic use in these highly-constrained environments. In particular, this is the case of the most efficient of these threshold RSA schemes, namely, the one due to Shoup. Our contribution is in presenting variants of Shoup’s protocol that overcome the limitations that make the original protocol unsuitable for dynamic groups. The resultant schemes provide the efficiency and flexibility needed in ad-hoc groups, and add the capability of incorporating new members (share-holders) to the group of potential signers without relying on central authorities. Namely, any threshold of existing members can cooperate to add a new member. The schemes are efficient, fully non-interactive and do not assume broadcast.


Hash Function Signature Scheme Random Oracle Honest Party Signature Fragment 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness Theorems for Noncryptographic Fault-Tolerant Distributed Computations. In: Proc. 20th STOC, pp. 1–10. ACM Press, New York (1988)Google Scholar
  2. 2.
    Blakley, G.R.: Safeguarding cryptographic keys. In: Proc. AFIPS 1979 National Computer Conference, AFIPS, pp. 313–317. (1979)Google Scholar
  3. 3.
    Boyd, C.: Digital Multisignatures. In: Baker, H., Piper, F. (eds.) Cryptography and Coding, pp. 241–246. Claredon Press, Oxford (1989)Google Scholar
  4. 4.
    Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: 1st ACM Conference on Computer and Communications Security, pp. 62–73 (1993)Google Scholar
  5. 5.
    Croft, R.A., Harris, S.P.: Public-key cryptography and re-usable shared secrets. In: Baker, H., Piper, F. (eds.) Cryptography and Coding, pp. 189–201. Claredon Press, Oxford (1989)Google Scholar
  6. 6.
    Cerecedo, M., Matsumoto, T., Imai, H.: Efficient and secure multiparty generation of digital signatures based on discrete logarithms. IEICE Trans. Fundamentals E76-A(4), 532–545 (1993)Google Scholar
  7. 7.
    Coron, J.-S.: On the Exact Security of Full Domain Hash. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 229–235. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  8. 8.
    De Santis, A., Desmedt, Y., Frankel, Y., Yung, M.: How to share a function securely. In: Proc. 26th STOC, pp. 522–533. ACM Press, New York (1994)Google Scholar
  9. 9.
    Desmedt, Y.: Society and group oriented cryptography: A new concept. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 120–127. Springer, Heidelberg (1988)Google Scholar
  10. 10.
    Desmedt, Y.G.: Threshold cryptography. European Transactions on Telecommunications 5(4), 449–457 (1994)MathSciNetGoogle Scholar
  11. 11.
    Desmedt, Y., Frankel, Y.: Shared generation of authenticators and signatures. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 457–469. Springer, Heidelberg (1992)Google Scholar
  12. 12.
    Fazio, N.: Personal Communication (September 2007)Google Scholar
  13. 13.
    Frankel, Y., Gemmell, P., Mackenzie, P., Yung, M.: Proactive RSA. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 440–454. Springer, Heidelberg (1997)Google Scholar
  14. 14.
    Frankel, Y., Gemmell, P., Yung, M.: Witness-based Cryptographic Program Checking and Robust Function Sharing. In: Proc. 28th STOC, pp. 499–508. ACM Press, New York (1996)Google Scholar
  15. 15.
    Gennaro, R., Halevi, S., Krawczyk, H., Rabin, T.: Threshold RSA for Dynamic and Ad-Hoc Groups. Full version,
  16. 16.
    Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust and efficient sharing of RSA functions. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 157–172. Springer, Heidelberg (1996)Google Scholar
  17. 17.
    Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust Threshold DSS Signatures. Information and Computation 164(1), 54–84 (2001); Extended abstract in EUROCRYPT 1996zbMATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    Gennaro, R., Krawczyk, H., Rabin, T.: RSA-based Undeniable Signatures. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 397–416. Springer, Heidelberg (1997); Final version in J. Cryptology 13(4), 397–416 (2000)Google Scholar
  19. 19.
    Gennaro, R., Krawczyk, H., Rabin, T.: Robust and Efficient Sharing of RSA Functions. Journal of Cryptology 13(2), 273–300 (2000); Conference version [16]zbMATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    Goldwasser, S., Micali, S., Rivest, R.L.: A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks. SIAM J. Computing 17(2), 281–308 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Communication of the ACM 21(2), 120–126 (1978)zbMATHCrossRefMathSciNetGoogle Scholar
  22. 22.
    Shamir, A.: How to Share a Secret. Communications of the ACM 22, 612–613 (1979)zbMATHCrossRefMathSciNetGoogle Scholar
  23. 23.
    Shamir, A.: On the Generation of Cryptographically Strong Pseudorandom Sequences. ACM Trans. Comput. Syst. 1(1), 38–44 (1983)CrossRefMathSciNetGoogle Scholar
  24. 24.
    Shoup, V.: Practical threshold signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 207–220. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  25. 25.
    Saxena, N., Tsudik, G., Yi, J.H.: Efficient node admission for short-lived mobile ad hoc networks. In: ICNP, 13th IEEE International Conference on Network Protocols, pp. 269–278 (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Rosario Gennaro
    • 1
  • Shai Halevi
    • 1
  • Hugo Krawczyk
    • 1
  • Tal Rabin
    • 1
  1. 1.IBM T.J.Watson Research Center, HawthorneNYUSA

Personalised recommendations