Paper 2020/449

Switched Threshold Signatures from K-Private PolyShamir Secret Sharing

Kristian L. McDonald


Variant secret sharing schemes deriving from Shamir's threshold secret sharing protocol are presented. Results include multi-secret sharing protocols using shares with $O(1)$ elements, independent of the number of secrets. The new schemes achieve a weaker notion of security (they're secure rather than strongly secure) but maintain a property called $K$-privacy (inspired by $k$-anonymity). $K$-privacy ensures that all secrets remain private with respect to a subset of the secret space, though the particular subset providing privacy may vary among adversaries that acquire distinct sub-threshold sets of shares. Depending on the number of secrets and the protocol details, secure $K$-private multi-secret sharing schemes may be ``almost'' strongly secure or may remain merely secure and $K$-private - a difference captured by the notion of $K$-security. Novel applications of the multi-secret sharing schemes are presented, realising a primitive called a switched threshold signature. Switched threshold signatures have the quirky property that aggregating a threshold number of signatures of one type (e.g. Pointcheval-Sanders signatures) ``switches'' the signatures into a master signature of a different type. Collectively these results may permit efficiencies within, e.g., threshold credential issuance protocols.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
secret sharingthreshold signatures
Contact author(s)
klmcd @ protonmail com
2020-04-20: received
Short URL
Creative Commons Attribution


      author = {Kristian L.  McDonald},
      title = {Switched Threshold Signatures from K-Private PolyShamir Secret Sharing},
      howpublished = {Cryptology ePrint Archive, Paper 2020/449},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.