Cryptology ePrint Archive: Report 2020/449

Switched Threshold Signatures from K-Private PolyShamir Secret Sharing

Kristian L. McDonald

Abstract: Variant secret sharing schemes deriving from Shamir's threshold secret sharing protocol are presented. Results include multi-secret sharing protocols using shares with $O(1)$ elements, independent of the number of secrets. The new schemes achieve a weaker notion of security (they're secure rather than strongly secure) but maintain a property called $K$-privacy (inspired by $k$-anonymity). $K$-privacy ensures that all secrets remain private with respect to a subset of the secret space, though the particular subset providing privacy may vary among adversaries that acquire distinct sub-threshold sets of shares. Depending on the number of secrets and the protocol details, secure $K$-private multi-secret sharing schemes may be ``almost'' strongly secure or may remain merely secure and $K$-private - a difference captured by the notion of $K$-security. Novel applications of the multi-secret sharing schemes are presented, realising a primitive called a switched threshold signature. Switched threshold signatures have the quirky property that aggregating a threshold number of signatures of one type (e.g. Pointcheval-Sanders signatures) ``switches'' the signatures into a master signature of a different type. Collectively these results may permit efficiencies within, e.g., threshold credential issuance protocols.

Category / Keywords: cryptographic protocols / secret sharing, threshold signatures

Date: received 17 Apr 2020

Contact author: klmcd at protonmail com

Available format(s): PDF | BibTeX Citation

Version: 20200420:093158 (All versions of this report)

Short URL: ia.cr/2020/449


[ Cryptology ePrint archive ]