Paper 2022/1636
Threshold Signatures with Private Accountability
, University of WaterlooAbstract
Existing threshold signature schemes come in two flavors: (i) fully private, where the signature reveals nothing about the set of signers that generated the signature, and (ii) accountable, where the signature completely identifies the set of signers. In this paper we propose a new type of threshold signature, called TAPS, that is a hybrid of privacy and accountability. A TAPS signature is fully private from the public's point of view. However, an entity that has a secret tracing key can trace a signature to the threshold of signers that generated it. A TAPS makes it possible for an organization to keep its inner workings private, while ensuring that signers are accountable for their actions. We construct a number of TAPS schemes. First, we present a generic construction that builds a TAPS from any accountable threshold signature. This generic construction is not efficient, and we next focus on efficient schemes based on standard assumptions. We build two efficient TAPS schemes (in the random oracle model) based on the Schnorr signature scheme. We conclude with a number of open problems relating to efficient TAPS.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- A minor revision of an IACR publication in CRYPTO 2022
- DOI
- 10.1007/978-3-031-15985-5_19
- Keywords
- threshold signatures multisignatures Schnorr signatures
- Contact author(s)
-
dabo @ cs stanford edu
ckomlo @ uwaterloo ca - History
- 2022-11-25: approved
- 2022-11-24: received
- See all versions
- Short URL
- https://ia.cr/2022/1636
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/1636,
author = {Dan Boneh and Chelsea Komlo},
title = {Threshold Signatures with Private Accountability},
howpublished = {Cryptology {ePrint} Archive, Paper 2022/1636},
year = {2022},
doi = {10.1007/978-3-031-15985-5_19},
url = {https://eprint.iacr.org/2022/1636}
}
