Results 1 - 10 of 63
Providing robust and ubiquitous security support for mobile ad-hoc networks
- IN ICNP, 2001
, 2001
Cited by 214 (7 self)
Providing security support for mobile ad-hoc networks is challenging for several reasons: (a) wireless networks are susceptible to attacks ranging from passive eavesdropping to active interfering, occasional break-ins by adversaries may be inevitable in a large time window; (b) mobile users demand “anywhere, anytime” services; (c) a scalable solution is needed for a large-scale mobile network. In this paper, we describe a solution that supports ubiquitous security services for mobile hosts, scales to network size, and is robust against break-ins. In our design, we distribute the certification authority functions through a threshold secret sharing mechanism, in which each entity holds a secret share and multiple entities in a local neighborhood jointly provide complete services. We employ localized certification schemes to enable ubiquitous services. We also update the secret shares to further enhance robustness against break-ins. Both simulations and implementation confirm the effectiveness of our design.
Practical Threshold Signatures
, 1999
Cited by 173 (2 self)
We present an RSA threshold signature scheme. The scheme enjoys the following properties: 1. it is unforgeable and robust in the random oracle model, assuming the RSA problem is hard
Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-Group signature scheme
- PROCEEDINGS OF PKC 2003, VOLUME 2567 OF LNCS
, 2003
Cited by 130 (0 self)
We propose a robust proactive threshold signature scheme, a multisignature scheme and a blind signature scheme which work in any Gap Diffie-Hellman (GDH) group (where the Computational Diffie-Hellman problem is hard but the Decisional Diffie-Hellman problem is easy). Our constructions are based on the recently proposed GDH signature scheme of Boneh et al. [8]. Due to the instrumental structure of GDH groups and of the base scheme, it turns out that most of our constructions are simpler, more efficient and have more useful properties than similar existing constructions. We support all the proposed schemes with proofs under the appropriate computational assumptions, using the corresponding notions of security.
Robust Threshold DSS Signatures
, 1996
Cited by 110 (12 self)
We present threshold DSS (Digital Signature Standard) signatures where the power to sign is shared by n players such that for a given parameter t < n/2 any subset of 2t + 1 signers can collaborate to produce a valid DSS signature on any given message, but no subset of t corrupted players can forge a signature (in particular, cannot learn the signature key). In addition, we present a robust threshold DSS scheme that can also tolerate n/3 players who refuse to participate in the signature protocol. We can also endure n/4 maliciously faulty players that generate incorrect partial signatures at the time of signature computation. This results in a highly secure and resilient DSS signature system applicable to the protection of the secret signature key, the prevention of forgery, and increased system availability. Our results significantly improve over a recent result by Langford from CRYPTO'95 that presents threshold DSS signatures which can stand much smaller subsets of corrupted player...
Securing Threshold Cryptosystems against Chosen Ciphertext Attack
- JOURNAL OF CRYPTOLOGY
, 1998
Simplified VSS and Fast-track Multiparty Computations with Applications to Threshold Cryptography
, 1998
Cited by 69 (4 self)
The goal of this paper is to introduce a simple verifiable secret sharing scheme, to improve the efficiency of known secure multiparty protocols and, by employing these techniques, to improve the efficiency of applications which use these protocols. First we present a very simple Verifiable Secret Sharing protocol which is based on fast cryptographic primitives and avoids altogether the need for expensive zero-knowledge proofs. This is followed by a highly simplified protocol to compute multiplications over shared secrets. This is a major component in secure multiparty computation protocols and accounts for much of the complexity of proposed solutions. Using our protocol as a plug-in unit in known protocols reduces their complexity. We show how to achieve efficient multiparty computations in the computational model, through the application of homomorphic commitments. Finally, we present fast-track multiparty computation protocols. In a model in which malicious faults are rare we s...
Secure distributed storage and retrieval
, 2000
Cited by 38 (1 self)
In his well-known Information Dispersal Algorithm paper, Rabin showed a way to distribute information in n pieces among n servers in such a way that recovery of the information is possible in the presence of up to t inactive servers. An enhanced mechanism to enable construction in the presence of malicious faults, which can intentionally modify their pieces of the information, was later presented by Krawczyk. Yet, these methods assume that the malicious faults occur only at reconstruction time. In this paper we address the more general problem of secure storage and retrieval of information (SSRI), and guarantee that also the process of storing the information is correct even when some of the servers fail. Our protocols achieve this while maintaining the (asymptotical) space optimality of the above methods. We also consider SSRI with the added requirement of confidentiality, by which no party except for the rightful owner of the information is able to learn anything about it. This is achieved through novel applications of cryptographic techniques, such as the distributed generation of receipts, distributed key management via threshold cryptography, and “blinding”. An
Threshold Proxy Signature Schemes
- Information Security Workshop
, 1997
Cited by 36 (0 self)
Delegation of rights is a common practice in the real world. Proxy signature schemes have been invented to delegate signing capability efficiently and transparently. In this paper, we present a new nonrepudiable proxy signature scheme. Nonrepudiation means the signature signers, both original and proxy signers, cannot falsely deny later that he generated a signature. In practice, it is important and, sometimes, necessary to have the ability to know who is the actual signer of a proxy signature for internal auditing purpose or when there is abusing of signing capability. The new nonrepudiable proxy signature scheme also has other desirable properties, such as proxy signature key generation and updating using insecure channels. We also show how to construct threshold proxy signature schemes with an example. Threshold signatures are motivated both by the need that arises in some organizations to have a group of employees agree on a given message (or a document) before signing it, as wel...
Adaptively secure threshold cryptography: Introducing concurrency, removing erasures
, 2000
Cited by 27 (3 self)
We put forward two new measures of security for threshold schemes secure in the adaptive adversary model: security under concurrent composition; and security without the assumption of reliable erasure. Using novel constructions and analytical tools, in both these settings, we exhibit efficient secure threshold protocols for a variety of cryptographic applications. In particular, based on the recent scheme by Cramer-Shoup, we construct adaptively secure threshold cryptosystems secure against adaptive chosen ciphertext attack under the DDH intractability assumption. Our techniques are also applicable to other cryptosystems and signature schemes, like RSA, DSS, and ElGamal. Our techniques include the first efficient implementation, for a wide but special class of protocols, of secure channels in erasure-free adaptive model. Of independent interest, we present the notion of a committed proof.
Computing inverses over a shared secret modulus
, 2000
Cited by 26 (0 self)
We discuss the following problem: Given an integer φ shared secretly among n players and a prime number e, how can the players efficiently compute a sharing of e⁻¹ mod φ. The most interesting case is when φ is the Euler function of a known RSA modulus N, φ = φ(N). The problem has several applications, among which the construction of threshold variants for two recent signature schemes proposed by Gennaro-Halevi-Rabin and Cramer-Shoup. We present new and efficient protocols to solve this problem, improving over previous solutions by Boneh-Franklin and Frankel et al. Our basic protocol (secure against honest but curious players) requires only two rounds of communication and a single GCD computation. The robust protocol (secure against malicious players) adds only a couple of rounds and a few modular exponentiations to the computation.

