Title: A Fully Adaptively Secure Threshold Signature Scheme Based on Dual-Form Signatures Technology
Abstract: In <math xmlns="http://www.w3.org/1998/Math/MathML" id="M1"> <mfenced open="(" close=")" separators="|"> <mrow> <mi>t</mi> <mo>,</mo> <mi>n</mi> </mrow> </mfenced> </math> threshold signature schemes, any subset of <math xmlns="http://www.w3.org/1998/Math/MathML" id="M2"> <mi>t</mi> </math> participants out of <math xmlns="http://www.w3.org/1998/Math/MathML" id="M3"> <mi>n</mi> </math> can produce a valid signature, but any fewer than <math xmlns="http://www.w3.org/1998/Math/MathML" id="M4"> <mi>t</mi> </math> participants cannot. Meanwhile, a threshold signature scheme should remain robust and unforgeable against up to <math xmlns="http://www.w3.org/1998/Math/MathML" id="M5"> <mi>t</mi> <mo>−</mo> <mn>1</mn> </math> corrupted participants. This nonforgeability property is that even an adversary breaking into up to <math xmlns="http://www.w3.org/1998/Math/MathML" id="M6"> <mi>t</mi> <mo>−</mo> <mn>1</mn> </math> participants should be unable to generate signatures on its own. Existential unforgeability against adaptive chosen message attacks is widely considered as a standard security notion for digital signature, and threshold signature should also follow this accordingly. However, there are two special attack models in a threshold signature scheme: one is the static corruption attack and the other is the adaptive corruption attack. Since the adaptive corruption model appears to better capture real threats, designing and proving threshold signature schemes secure in the adaptive corruption model has been focused on in recent years. If a threshold signature is secure under adaptive chosen message attack and adaptive corruption attack, we say it is fully adaptively secure. In this paper, based on the dual pairing vector spaces technology, we construct a threshold signature scheme and use Gerbush et al.’s dual-form signatures technology to prove our scheme, which is fully adaptively secure in the standard model, and then compare it to other schemes in terms of the efficiency and computation.