CryptoDB
Cryptanalysis of Threshold-Multisignature Schemes
Authors: | |
---|---|
Abstract: | In [1], Li et al. proposed a new type of signature scheme, called the $(t,n)$ threshold-multisignature scheme. The first one needs a mutually trusted share distribution center (SDC) while the second one does not. In this paper, we present a security analysis on their second scheme. We point out that their second threshold-multisignature scheme is vulnerable to universal forgery by an insider attacker under reasonable assumptions. In our attack, $(n-t+1)$ colluding members can control the group secret key. Therefore, they can generate a valid threshold-multisignature for any message without the help of other members. Furthermore, honest members cannot detect this security flaw in the system, since any $t$ members can generate threshold-multisignatures according to the prescribed protocols. |
BibTeX
@misc{eprint-2004-12236,
  title={Cryptanalysis of Threshold-Multisignature Schemes},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / threshold-multisignature; secret sharing},
  url={http://eprint.iacr.org/2004/269},
  note={ lfguo@mail.cstnet.cn 12708 received 16 Oct 2004},
  author={Lifeng Guo},
  year=2004
}