Threshold Signatures with Private Accountability

Boneh, Dan; Komlo, Chelsea

doi:10.1007/978-3-031-15985-5_19

Cited by 15 publications

(7 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Threshold signatures [20][21][22][23][24] are cryptographic schemes that allow participants to produce a valid digital signature collectively. Unlike traditional digital signatures that require a single entity to sign a message, threshold signatures distribute the signing authority among multiple parties.…”

Section: Threshold Signaturementioning

confidence: 99%

RQPoA: A random quantum PoA Consensus Mechanism in Blockchain Based on Quantum Methods

WANG,

Li,

Liu

et al. 2024

Preprint

View full text Add to dashboard Cite

As a distributed network, the operational efficacy of a blockchain system relies heavily on the consensus mechanism it adopts. Among the mainstream consensus mechanisms in blockchain, proof-of-authority (PoA) is appealing for its post-quantum security and block generation efficiency and, therefore, has gained academic attention. Nevertheless, the traditional PoA faces three major problems: (1) Low decentralization. The allocation of bookkeeping rights has a low degree of decentralization in the blockchain network. (2) Low availability. The total exposure of the leader node makes it susceptible to centralized attacks, leading to a single point of failure (SPOF) dilemma and reducing the availability of the entire blockchain system. (3) Non-robustness (low fault tolerance). Generating a new block must be done jointly by all validator nodes, with this voting process potentially delayed due to invalid voter participation. To address these issues, this paper improves PoA and proposes a new consensus mechanism scheme, the random quantum proof of authority (RQPoA). First, RQPoA develops the leader node election algorithm with a verifiable delay function (VDF) to realize fair and impartial leader node selection, enforcing the blockchain’s decentralization level. Second, RQPoA adopts the multi-party quantum secret sharing protocol to share the leader node’s identity among validator nodes confidentially. This strategy eliminates SPOF caused by the leader node, increasing the blockchain system availability. Third, RQPoA incorporates a candidate block voting protocol based on a quantum threshold signature to complete the block proposal, which is fault-tolerant and thus enhances the blockchain system's robustness. A security analysis of RQPoA demonstrates its security, efficiency, and better fault tolerance than related quantum consensus mechanisms. In conclusion, the RQPoA makes a useful exploration for researching secure consensus mechanisms in the post-quantum era and enriches the related research.

show abstract

Section: Threshold Signaturementioning

confidence: 99%

RQPoA: A random quantum PoA Consensus Mechanism in Blockchain Based on Quantum Methods

WANG,

Li,

Liu

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…Others may offer privacy in that signatures are indistinguishable regardless of which shares were used. Boneh and Komlo [11] proposed threshold signature schemes with private accountability by introducing a separate accountability key that can be used to compute (and prove) which shares were used to sign, similar to our notion of avowal.…”

Section: Retroactivity In Signature Schemesmentioning

confidence: 99%

NOTRY: Deniable messaging with retroactive avowal

Wang,

Cohney,

Wahby

et al. 2024

PoPETs

View full text Add to dashboard Cite

Modern secure messaging protocols typically aim to provide deniability. Achieving this requires that convincing cryptographic transcripts can be forged without the involvement of genuine users. In this work, we observe that parties may wish to revoke deniability and avow a conversation after it has taken place. We propose a new protocol called Not-on-the-Record-Yet (NOTRY) which enables users to prove a prior conversation transcript is genuine. As a key building block we propose avowable designated verifier proofs which may be of independent interest. Our implementation in- curs roughly 8× communication and computation overhead over the standard Signal protocol during regular operation. We find it is nonetheless deployable in a realistic setting as key exchanges (the source of the overhead) still complete in just over 1ms on a modern computer. The avowal protocol induces only constant computation and communication performance for the communicating parties and scales linearly in the number of messages avowed for the verifier—in the tens of milliseconds per avowal.

show abstract

“…A recent work Threshold, Accountable, and Private Signature (TAPS) [10] proposed by Boneh and Komlo (CRYP-TO '22) has achieved both accountability and privacy. In TAPS, a key generation function takes n and t as input, and generates a public key pk and n private keys sk 1 , sk 2 , • • • , sk n for the n signers; during the signing process, each signer from a quorum of t signers S, holding a private key sk, generates a signature share σ i ; a combiner holding a combining key sk c uses {σ i } n i=1 to generate a complete signature σ; a signature verification function takes as input pk, m, and σ to output accept or reject; a tracer (or anyone) with a tracing key sk t can trace a signature to the quorum that generates it.…”

Section: B Existing Workmentioning

confidence: 99%

“…-Trace(pk, m, σ m ): run ATS.Verify(pk, m, σ m ), if it is valid, output S, else output fail. An ATS is secure if it is unforgeable and accountable, i.e., if for every Probabilistic Polynomial Time (PPT) adversary A, the function Adv forg A,ATS of winning an unforgeability and accountability attack game is a negligible function of λ [10].…”

Section: A Atsmentioning

confidence: 99%

Decentralized Threshold Signatures With Dynamically Private Accountability

Li,

Ding,

Wang

et al. 2024

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Threshold signature is a fundamental cryptographic primitive used in many practical applications. As proposed by Boneh and Komlo (CRYPTO'22), TAPS is a threshold signature that is a hybrid of privacy and accountability. It enables a combiner to combine t signature shares while revealing nothing about the threshold t or signing quorum to the public and asks a tracer to track a signature to the quorum that generates it. However, TAPS has three disadvantages: it 1) structures upon a centralized model, 2) assumes that both combiner and tracer are honest, and 3) leaves the tracing unnotarized and static.In this work, we introduce Decentralized, Threshold, dynamically Accountable and Private Signature (DeTAPS) that provides decentralized combining and tracing, enhanced privacy against untrusted combiners (tracers), and notarized and dynamic tracing. Specifically, we adopt Dynamic Threshold Public-Key Encryption (DTPKE) to dynamically notarize the tracing process, design non-interactive zero knowledge proofs to achieve public verifiability of notaries, and utilize the Key-Aggregate Searchable Encryption to bridge TAPS and DTPKE so as to awaken the notaries securely and efficiently. In addition, we formalize the definitions and security requirements for DeTAPS. Then we present a concrete construction and formally prove its security and privacy. To evaluate the performance, we build a prototype based on SGX2 and Ethereum.

show abstract

Threshold Signatures with Private Accountability

Cited by 15 publications

References 52 publications

RQPoA: A random quantum PoA Consensus Mechanism in Blockchain Based on Quantum Methods

RQPoA: A random quantum PoA Consensus Mechanism in Blockchain Based on Quantum Methods

NOTRY: Deniable messaging with retroactive avowal

Decentralized Threshold Signatures With Dynamically Private Accountability

Contact Info

Product

Resources

About