Harn L. Group-oriented (t, n) threshold digital signature scheme and digital multisignature. IEE Proceedings of Computers and Digital and Technique, 1994,141(5): 307-313  Home/Search   Document Not in Database   Summary   Related Articles   Check

....is in the random oracle model only because the latter is used in the proof of security of the base signature scheme. We also show how proactive security can be added to our scheme using general methods of [HJKY, HJJKY] Related work. There exist many threshold signature scheme constructions, i.e. [DF89, H, DF91, FD, FGMY, R, GJKR96, Sh]. The proposals of [DF89, H] lack security proofs, the schemes of [DF89, DF91, FD] are non robust while those of [FGMY, R] are robust and proactive but require a lot of interaction. We compare our scheme with the threshold DSS signature scheme of Gennaro et al. GJKR96] and with the threshold RSA ....

....in the proof of security of the base signature scheme. We also show how proactive security can be added to our scheme using general methods of [HJKY, HJJKY] Related work. There exist many threshold signature scheme constructions, i.e. DF89, H, DF91, FD, FGMY, R, GJKR96, Sh] The proposals of [DF89, H] lack security proofs, the schemes of [DF89, DF91, FD] are non robust while those of [FGMY, R] are robust and proactive but require a lot of interaction. We compare our scheme with the threshold DSS signature scheme of Gennaro et al. GJKR96] and with the threshold RSA scheme of Shoup [Sh] The ....

[Article contains additional citation context not shown here]

L. Harn, \Group-oriented (t,n) threshold digital signature scheme and digital multisignature," IEE Proc. Computers and Digital Techniques, 141(5), 1994.

....phase during which all signers work together to prove validity of the signature to an outsider. Harn and Yang [48] propose two (t; n) threshold schemes, with t = 1 and t = n. Their schemes do not require a trusted third party and the algorithm is based on the discrete logarithm problem. Harn [47] proposes three simultaneous multisignature schemes, based on the difficulty of discrete logarithm. Two of these schemes do not require a trusted third party. We briefly review one of the schemes. of these schemes. We use the notation of Harn [47] Let KDC denote the Key Distribution Center. The ....

....is based on the discrete logarithm problem. Harn [47] proposes three simultaneous multisignature schemes, based on the difficulty of discrete logarithm. Two of these schemes do not require a trusted third party. We briefly review one of the schemes. of these schemes. We use the notation of Harn [47]. Let KDC denote the Key Distribution Center. The KDC selects: 1. p, a large prime, in the range 2 511 p 2 512 2. q, a prime divisor of p Gamma 1 3. fa i ; i = 0; t Gamma 1g, and f(x) a 0 a 1 x Delta Delta Delta a t Gamma1 x (mod q) where 0 a i q 4. ff, where ....

[Article contains additional citation context not shown here]

L. Harn. Group-oriented (t, n) threshold digital signature scheme and digital multisignature. IEE Proc.-Comput. Digit. Tech., 141(5):307-313, September 1994.

....or as tickets in applications such as secret voting schemes. The security of the blind signature schemes proposed in [1, 3] are based on the hardness of factorization [11] and the schemes proposed in [2, 4] is based on the hardness of computing discrete logarithm [12] Threshold signatures [13, 14] are motivated by the need that arises in organizations to have a group of employees who agree on a message before signing and by the need to protect the group private key from the attack of internal and external adversaries. The later becomes more important with the actual deployment of public ....

Harn, L Group-oriented (t, n) threshold digital signature scheme and digital multisignature, IEE Proc. Compu. Digit. Tech., 141(5) (1994) 307- 313.

....The scheme is inspired by an identi cation scheme proposed by Girault [9] and is an example of the general scheme: hence with proven security. We compare eciency of the scheme with that of the vHP scheme, and show that the two schemes have equal performance. Secondly, we employ an idea in [11] to construct a threshold FSS that does not require a trusted authority for key generation. The scheme provides cheater detection and enables the combiner to detect and remove a sender who sends junk instead of his partial signature. This becomes the essential property that is used to detect ....

L. Harn. Group-oriented (t, n) threshold digital signature scheme and digital multisignature. IEE Proc.-Comput. Digit. Tech., 141(5):307-313, September 1994.

....Supported under a National Science Foundation Graduate Fellowship and a grant from the NTT corporation. 1 [OO91, OO99] envisages S = G, that is, every signer in G must participate in producing a multisignature. The case of more general subgroups S has been, in particular, addressed in [IN83, Har94, LHL94, HMP95]. General subgroups of signers are needed in many applications. For example, if a certi cation authority is distributed on L servers, it would be useful that only a subset of the servers is needed to issue a valid certi cate. But: what properties should such general multisignatures satisfy We ....

....there has been no consensus on the precise meaning of the term. Even more troublesome is the fact that few of the previous proposals for multisignature schemes ever attempted a formal security proof, and some proposals turned out, in fact, to be insecure. For example, the proposals of [Har94] and [LHL94] were subsequently cryptanalyzed by [HMP95] Lan96] and [MH96] Absent a complete formal model, even schemes that have formal proofs of security are vulnerable to attacks: the Type II scheme of [OO99] is subject to a previously known attack on key generation, even though the ....

[Article contains additional citation context not shown here]

L. Harn. Group-oriented (t; n) threshold digital signature scheme and digital multisignature. IEE Proc.-Comput. Digit. Tech., 141(5), September 1994.

....the group, or if a new member joins the group, the public and the private key have to be modified, as well as the complementary public keys. In both cases, it is not necessary to modify the individual Diffie Hellman keys. 1.5. 8 Threshold cryptosystem based on the modified ElGamal signature In [64] Harn presented a threshold digital signature scheme which utilizes Shamir s scheme [143] the modified ElGamal signature by Agnew et al. 2] and the Digital Signature Algorithm proposed by NIST [155] There are two versions of the threshold signature, one with the assistance of a mutually ....

.... for an ideal threshold cryptosystems seem to be the combinations of Shamir s threshold scheme [143] and public key systems (Lagrange with ElGamal [43] Lagrange with RSA [44] Pedersen s cryptosystem with the homomorphism property (Homomorphic [125] and Harn s cryptosystem (Modified ElGamal [64]) Pedersen s system and Harn s have a big advantage over the other two systems because no third party has to be trusted to compute the group private key (Tab.1.6) In the systems using Shamir s scheme, no group key has to be modified if a new member joins a group, but only when a trusted third ....

Harn, L., Group-oriented (t,n) threshold digital signature scheme and digital multisignature, IEE Proc.-Comput.Digit.Tech., 141(5), 307--313, September 1994

....and Desmedt and Frankel [DF90] This approach has received considerable attention in the literature; we refer the reader to [Des94] for a survey of the work in this area. Particular examples of solutions to threshold signatures can be found in [DF92, DDFY94] for the case of RSA signatures, and [CMI93, Har94, Lan95] for ElGamal type of signatures. Threshold DSS signatures schemes were recently studied by Langford [Lan95] DSS signatures turn out to be less amenable to sharing techniques than RSA or even other ElGamal type of signatures, e.g. see [CMI93, Har94] Langford has overcome some of these ....

....for the case of RSA signatures, and [CMI93, Har94, Lan95] for ElGamal type of signatures. Threshold DSS signatures schemes were recently studied by Langford [Lan95] DSS signatures turn out to be less amenable to sharing techniques than RSA or even other ElGamal type of signatures, e.g. see [CMI93, Har94]. Langford has overcome some of these difficulties in the case of DSS, exhibiting a solution which requires a group of n = t 2 Gamma t 1 players in order to tolerate up to t players that might refuse to participate in the signature protocol. In any case all the works cited above did not ....

Lein Harn. Group--oriented (t; n) threshold digital signature scheme and digital multisignature. IEE Proc. Comput. Digit. Tech., 141(5):307--313, 1994. Bibliography 134

....of a general approach known as threshold cryptography. This approach has received considerable attention in the literature; we refer the reader to [59] for a survey of the work in this area. Particular examples of solutions to threshold signatures schemes can be found in [60, 160] for RSA and in [94] for ElGamal type of signatures. A threshold signature scheme is called robust if not only t or less players cannot produce a valid signature, but also cannot prevent the remaining players from computing a signature on their own. A robust scheme basically foils possible denial of service attacks ....

L. Harn. Group--oriented (t; n) threshold digital signature scheme and digital multisignature. IEE Proc. Comput. Digit. Tech., 141(5):307--313, 1994.

No context found.

Harn L. Group-oriented (t, n) threshold digital signature scheme and digital multisignature. IEE Proceedings of Computers and Digital and Technique, 1994,141(5): 307-313

No context found.

L. Harn. Group-oriented (t, n) threshold digital signature scheme and digital multisignature. IEE Proc.-Comput. Digit. Tech., 141(5), September 1994.

No context found.

L. Harn. Group oriented (t, n) threshold digital signature scheme and digital multisignature. IEE Proc.-Comput. Digit. Tech. 141(5):307--313, 1994. P. MacKenzie and M.K. Reiter

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC