Distributed RSA signature schemes for general access structures

Abstract

In a distributed digital signature scheme, a set of participants shares a secret information that allows them to jointly compute a valid signature for any given message. These systems are said to be robust if they can tolerate the presence of some dishonest players. Up to now, most of the proposed schemes consider only threshold structures: the system tolerates the presence of less than t corrupted players, and the subsets of players who can sign a message are those with k or more players, where k ≥ t. We propose a framework which is more general than the threshold one, considering a general access structure of players allowed to sign and a general family of dishonest players that the scheme can tolerate. If these structures satisfy some conditions, we can design a distributed and secure RSA signature scheme for this setting. Our construction generalizes the threshold scheme of Shoup [23]. We also present some examples of non-threshold structures for which our scheme can be efficiently applied. © Springer-Verlag Berlin Heidelberg 2003.