[Resource Topic] 2004/273: Cryptanalysis of Threshold-Multisignature schemes

Welcome to the resource topic for 2004/273

Cryptanalysis of Threshold-Multisignature schemes

Authors: Lifeng Guo


In [1], Li et al. proposed a new type of signature scheme, called the (t,n) threshold-multisignature scheme. The first one needs a mutually trusted share distribution center (SDC) while the second one does not. In this paper, we present a security analysis on their second scheme. We point out that their second threshold-multisignature scheme is vulnerable to universal forgery by an insider attacker under reasonable assumptions. In our attack, (n-t+1) colluding members can control the group secret key. Therefore, they can generate a valid threshold-multisignature for any message without the help of other members. Furthermore, honest members cannot detect this security flaw in the system, since any t members can generate threshold-multisignatures according to the prescribed

ePrint: https://eprint.iacr.org/2004/273

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.