An efficient threshold RSA digital signature scheme

An efficient threshold RSA digital signature scheme. Source: Applied Mathematics and Computation, Volume 166, Issue 1, 6 July 2005, Pages 25-34. Author: Qiu-Liang Xu, Tzer-Shyong Chen. Speaker: 李士勳. Date: 2005,12,14. Outline. Introduction Descriptions of the scheme

Presentation Transcript


  1. An efficient threshold RSA digital signature scheme Source: Applied Mathematics and Computation, Volume 166, Issue 1, 6 July 2005, Pages 25-34 Author: Qiu-Liang Xu, Tzer-Shyong Chen Speaker: 李士勳 Date: 2005,12,14

  2. Outline • Introduction • Descriptions of the scheme • Analysis of security and efficiency • Conclusions

  3. Introduction • Resisting conspiracy attack • (t,n) threshold signature scheme

  4. Introduction • 1991: Desmedt and Frankel first proposed the threshold signature scheme • 1994: Li et al. presented two (t,n) threshold signature schemes • 1997: Michels and Horster proved them insecure • 1998: Wang et al. presented two (t,n) threshold signature schemes

  5. Descriptions of the scheme p and q are large primes

  6. Descriptions of the scheme • represent the set of all members in the system

  7. Initialization phase • Key Dealing Center(KDC) must establish four parameters • RSA parameters • Lagrange interpolation parameters • Parameters used in modulus convention • Parameters used in partial signature verification

  8. RSA parameters • p, q, n, e and d are used to generate the group signature, where n=p*q, p and q are two safe primes, (n,e) is the public key, and d is the private key • P, Q, N, E and D are used by the signature generator (SG), where N=P*Q>n, P and Q are also two safe primes, (N,E) is the public key, and D is the private key

  9. Lagrange interpolation parameters • Select a large public prime r>n • Select a random polynomial f(x), d=f(0)

  10. Parameters used in modulus convention • Consider a sample message , so that the order of in group is • Compute • Make public

  11. Parameters used in partial signature verification • Select randomly an element of order compute i=1,2,…,n and send publicly v and to the signature generator SG

  12. Signature phase • Chaum-Pedersen zero-knowledge protocol

  13. Chaum-Pedersen zero-knowledge protocol • One-way hash function H(), and a random number u, compute z=xc+u • (z,c) proves , the verifier accepts the proof if and only if • Clearly, when ,the proof holds

  14. Signature phase • denotes the t shareholders who participate in signing

  15. Signature phase • Select a random number • Compute , • Send to SG • , , • (m,s(m),S(m)) is the signature on message m

  16. Signature phase • If then (m,s(m),S(m)) is accepted as a valid signature

  17. Analysis of security and efficiency • The first step of the initialization phase builds only the RSA cryptosystem, without providing any extra information • The second step establishes a (t,n) threshold system based on Lagrange interpolation • The third and fourth steps are protected by the hardness of the discrete logarithm problem

  18. Conclusions • Resisting conspiracy attack
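
The Chaum-Pedersen proof of slide 13, which the signature generator can use to check that a shareholder applied the same secret exponent x to two bases, is sketched below as an added example that is not part of the original presentation. The toy group (P, Q, G, V), the function names and the hash encoding are assumptions made for illustration; the scheme's own group and parameters are not reproduced in this transcript.

```python
import hashlib
import secrets

# Constructed toy parameters (assumption, far too small for real use):
# P = 2*Q + 1 is a safe prime; G and V both have order Q modulo P.
P, Q = 2039, 1019
G, V = 4, 9

def H(*vals):
    """One-way hash H() over the public values, returned as an integer."""
    data = b"|".join(str(v).encode() for v in vals)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def in_subgroup(e):
    """Reject values outside the order-Q subgroup before using them."""
    return isinstance(e, int) and 0 < e < P and pow(e, Q, P) == 1

def prove(x):
    """Prover: show log_G(h) == log_V(w) == x without revealing x."""
    h, w = pow(G, x, P), pow(V, x, P)
    u = secrets.randbelow(Q - 1) + 1            # fresh random number u
    c = H(G, h, V, w, pow(G, u, P), pow(V, u, P))
    z = (x * c + u) % Q                         # z = xc + u, as on slide 13
    return h, w, (z, c)

def verify(h, w, proof):
    """Verifier: recompute both commitments from (z, c) and re-hash."""
    z, c = proof
    if not (in_subgroup(h) and in_subgroup(w)):
        return False
    neg_c = Q - (c % Q)                         # exponent -c modulo the order Q
    a = pow(G, z, P) * pow(h, neg_c, P) % P     # G^z * h^-c == G^u if honest
    b = pow(V, z, P) * pow(w, neg_c, P) % P     # V^z * w^-c == V^u if honest
    return c == H(G, h, V, w, a, b)

if __name__ == "__main__":
    h, w, proof = prove(123)
    print("honest proof accepted:", verify(h, w, proof))
    print("mismatched exponent accepted:", verify(h, pow(V, 124, P), proof))
```

The subgroup check matters on the verifier side: without it, a value of small order or zero supplied as h or w is processed as if it were a valid group element.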