Cryptology ePrint Archive: Report 2004/269
Cryptanalysis of Threshold-Multisignature Schemes
Lifeng Guo
Abstract: In [1], Li et al. proposed a new
type of signature scheme, called the $(t,n)$
threshold-multisignature scheme. Of their two schemes, the first needs a mutually
trusted share distribution center (SDC) while the second does
not. In this paper, we present a security analysis of their second
scheme. We point out that their second threshold-multisignature
scheme is vulnerable to universal forgery by an insider attacker
under reasonable assumptions. In our attack, $(n-t+1)$ colluding
members can control the group secret key. Therefore, they can
generate a valid threshold-multisignature for any message without
the help of other members. Furthermore, honest members cannot
detect this security flaw in the system, since any $t$ members can
generate threshold-multisignatures according to the prescribed
protocols.
Category / Keywords: cryptographic protocols / threshold-multisignature; secret sharing
Date: received 16 Oct 2004
Contact author: lfguo at mail cstnet cn
Version: 20041021:200107