Simulatable and secure certificate-based threshold signature without pairings

Authors

  • Feng Wang,

    1. Department of Mathematics and Physics, Fujian University of Technology, Fuzhou, Fujian, China
    2. Department of Information Engineering and Computer Science, Feng Chia University, Taichung, Taiwan
    Search for more papers by this author
  • Chin-Chen Chang,

    Corresponding author
    1. Department of Information Engineering and Computer Science, Feng Chia University, Taichung, Taiwan
    2. Department of Computer Science and Information Engineering, Asia University, Taichung, Taiwan
    • Correspondence: Chair Professor Chin-Chen Chang, Department of Information Engineering and Computer Science, Feng Chia University, 100 Wenhwa Rd., Seatwen, Taichung 40724, Taiwan.

      E-mail: alan3c@gmail.com

    Search for more papers by this author
  • Lein Harn

    1. Department of Computer Science Electrical Engineering, University of Missouri–Kansas City, Kansas City, MO, U.S.A.
    Search for more papers by this author

ABSTRACT

We propose the notion and define the security model of a certificate-based threshold signature. The model is a general model that allows both the master secret key and user secret keys to be determined and distributed to the corresponding participators. Furthermore, the model can be easily converted into an identity-based (ID-based) threshold signature model to solve the key escrow problem and can be converted into a certificateless threshold signature model. In addition, we propose a secure and efficient certificate-based threshold signature scheme. Compared with previous ID-based threshold signature and certificateless threshold signature, our scheme requires no computation of pairings and no trusted dealer. In addition, in our proposed scheme, unlike most schemes that require all members to jointly generate a certificate or a signature, it only requires t or more than t members to generate a certificate or a signature. Our proposed scheme can detect dishonest participants as well. Therefore, our scheme is more practical than existing schemes. We show that our scheme is existentially unforgeable against adaptive chosen message attacks under the discrete logarithm assumption. Copyright © 2013 John Wiley & Sons, Ltd.

Ancillary