Threshold-multisignature schemes combine the properties of threshold group-oriented signature schemes and multisignature schemes to yield a signature scheme that allows a threshold (t) or more group members to collaboratively sign an arbitrary message. In contrast to threshold group signatures, the individual signers do not remain anonymous, but are publicly identifiable from the information contained in the valid threshold-multisignature.
The main objective of this paper is to propose such a secure and efficient threshold-multisignature scheme. The paper uniquely defines the fundamental properties of threshold multisignature schemes and shows that the proposed scheme satisfies these properties and eliminates the latest attacks to which other similar schemes are subject. The efficiency of the proposed scheme is analyzed and shown to be superior to its counterparts.
The paper also proposes a discrete logarithm-based distributed-key management infrastructure (DKMI), which consists of a round-optimal, publicly verifiable, distributed-key generation (DKG) protocol and a one-round, publicly verifiable, distributed-key redistribution/updating (DKRU) protocol. The round-optimal DKRU protocol solves a major problem with existing secret redistribution/updating schemes by giving group members a mechanism to identify malicious or faulty share holders in the first round, thus avoiding multiple protocol executions.
Threshold-multisignature schemes combine the properties of threshold group-oriented signature schemes and multisignature schemes. In the literature, threshold multisignature schemes are also referred to as threshold signature schemes with traceability.
The combined properties guarantee the signature verifier that at least t members participated in the generation of the group-oriented signature and that the identities of the signers can be easily established. The majority of the existing threshold-multisignature schemes belong to variants of the single signatory, generalized ElGamal signatures extended to a group/multiparty setting.
This paper proposes a new threshold-multisignature scheme without a trusted third party (TTP), based on a round-optimal, publicly verifiable DKG protocol. The proposed discrete logarithm-based threshold-multisignature scheme is also proactively secure, allowing for distributed-key redistribution (DKR) to a new access structure and periodic distributed-key updating (DKU) to mitigate attacks from an active/mobile adversary.
The scheme supports updating secret shares and facilitates changes in group membership by allowing an authorized subset of existing group members to redistribute secret shares to a new access structure.
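The following added example is not the paper's protocol. It illustrates share redistribution to a new access structure with first-round identification of a faulty share holder, using Shamir sharing with Feldman-style discrete-log commitments as a standard stand-in. The toy group parameters, function names and the `cheat` switch are assumptions made for the illustration.

```python
import secrets

# Constructed toy group (insecure size): P = 2Q + 1, G generates the order-Q subgroup.
P, Q, G = 2039, 1019, 4

def deal(secret, t, ids):
    """Shamir-share `secret` with threshold t; return (shares, public commitments)."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    shares = {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q for i in ids}
    return shares, [pow(G, c, P) for c in coeffs]

def commit_eval(commits, i):
    """Compute g^f(i) from the public commitments alone."""
    out = 1
    for k, c in enumerate(commits):
        out = out * pow(c, pow(i, k, Q), P) % P
    return out

def verify(share, i, commits):
    """Public check that `share` is the committed polynomial evaluated at i."""
    return pow(G, share, P) == commit_eval(commits, i)

def lagrange0(i, ids):
    """Lagrange coefficient of index i at x = 0 over `ids`, modulo Q."""
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * -j % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def redistribute(old_shares, old_commits, subset, t_new, new_ids, cheat=None):
    """Members of `subset` re-share to new_ids; return (new_shares, accused)."""
    # The member named by `cheat` re-shares a wrong value (simulated fault).
    msgs = {i: deal(old_shares[i] + (i == cheat), t_new, new_ids) for i in subset}
    # A dealer is accused when its constant-term commitment does not match its
    # old public share commitment, or when any sub-share fails verification.
    accused = sorted(i for i, (sub, com) in msgs.items()
                     if com[0] != commit_eval(old_commits, i)
                     or not all(verify(sub[j], j, com) for j in new_ids))
    good = [i for i in subset if i not in accused]
    if len(good) < len(old_commits):  # old threshold = number of commitments
        raise ValueError("too few honest dealers to redistribute")
    new_shares = {j: sum(lagrange0(i, good) * msgs[i][0][j] for i in good) % Q
                  for j in new_ids}
    return new_shares, accused

def reconstruct(shares, ids):
    """Interpolate the secret at x = 0 from the shares indexed by `ids`."""
    return sum(lagrange0(i, ids) * shares[i] for i in ids) % Q
```

Because every check uses only public commitments, any observer can name the faulty dealer after a single round, and the remaining honest dealers still suffice to complete the redistribution.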