Threshold RSA for Dynamic and Ad-Hoc Groups
Rosario Gennaro, Shai Halevi, Hugo Krawczyk, Tal Rabin
IBM T.J. Watson Research Center
Hawthorne, NY USA
Abstract. We consider the use of threshold signatures in ad-hoc and dynamic groups such as MANETs
(“mobile ad-hoc networks”). While the known threshold RSA signature schemes have several properties
that make them good candidates for deployment in these scenarios, none of these schemes seems practical
enough for realistic use in these highly-constrained environments. In particular, this is the case of
the most efficient of these threshold RSA schemes, namely, the one due to Shoup. Our contribution is
in presenting variants of Shoup’s protocol that overcome the limitations that make the original protocol
unsuitable for dynamic groups. The resultant schemes provide the efficiency and flexibility needed in
ad-hoc groups, and add the capability of incorporating new members (share-holders) to the group of
potential signers without relying on central authorities. Namely, any threshold of existing members can
cooperate to add a new member. The schemes are efficient, fully non-interactive and do not assume
broadcast.
1 Introduction
A distributed signature scheme is a protocol where the ability to sign is distributed among a
group of entities, so that a sufficiently large subset can produce valid signatures while a “small”
subset cannot generate such a signature. These schemes are often referred to as t-out-of-n threshold
signatures where n is the total number of entities and t is the “threshold”. Namely, t + 1 cooperating
parties can produce a valid signature, but t or less cannot (even if they depart maliciously from t
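
An added example, not taken from the paper: a toy Python sketch of threshold RSA in the style of Shoup's scheme, which the abstract names as its starting point, showing that t + 1 signature shares combine into a valid RSA signature while t or fewer do not. The parameters, function names and fixed polynomial coefficients are constructed for illustration, x stands in for a hashed message, and the share-correctness proofs and the paper's own variants are omitted.

```python
from itertools import combinations
from math import factorial, prod

# Constructed toy parameters (far too small for real use): safe primes
# p = 2p'+1 and q = 2q'+1, with shares living modulo m = p'q'.
N, M = 23 * 47, 11 * 23
E = 17                    # public exponent: a prime larger than n
D = pow(E, -1, M)         # signing exponent, known only to the dealer (Python 3.8+)

def deal(n, t, coeffs):
    """Share D on a degree-t polynomial f over Z_m with f(0) = D.
    coeffs: the t non-constant coefficients (random in a real dealing)."""
    assert len(coeffs) == t
    f = [D, *coeffs]
    return {i: sum(c * i**k for k, c in enumerate(f)) % M
            for i in range(1, n + 1)}

def sign_share(x, s_i, n):
    """Non-interactive signature share of one player: x^(2*Delta*s_i)."""
    return pow(x, 2 * factorial(n) * s_i, N)

def combine(x, sig_shares, n):
    """Combine the shares {i: x_i} of whichever players responded."""
    delta, w = factorial(n), 1
    for i, x_i in sig_shares.items():
        others = [j for j in sig_shares if j != i]
        # Lagrange coefficient at 0 scaled by Delta = n!, always an integer.
        lam = delta * prod(-j for j in others) // prod(i - j for j in others)
        w = w * pow(x_i, 2 * lam, N) % N
    # With enough shares w^E = x^(4*Delta^2); since gcd(4*Delta^2, E) = 1,
    # a*4*Delta^2 + b*E = 1 turns w into an E-th root of x.
    e_prime = 4 * delta * delta
    a = pow(e_prime, -1, E)
    b = (1 - e_prime * a) // E
    return pow(w, a, N) * pow(x, b, N) % N

def verify(x, y):
    """Ordinary RSA verification against the public key (N, E)."""
    return pow(y, E, N) == x % N

def valid_subsets(x=2, n=5, t=2, coeffs=(5, 7)):
    """Per subset size k, how many k-subsets of players yield a valid signature."""
    sig = {i: sign_share(x, s, n) for i, s in deal(n, t, coeffs).items()}
    return {k: sum(verify(x, combine(x, {i: sig[i] for i in S}, n))
                   for S in combinations(sig, k)) for k in range(1, n + 1)}

if __name__ == "__main__":
    print(valid_subsets())
```

With n = 5 and t = 2, every subset of three or more players produces a signature that passes plain RSA verification, and no subset of one or two does.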