Nowadays, digital signature methods play a crucial role in ensuring information security in computer networks by offering services such as authentication, integrity, and non-repudiation. In addition to typical digital signature standards such as RSA, ECDSA, or EdDSA, cryptographers also develop and introduce a number of special signature schemes for practical applications, such as threshold signature schemes, blind signature schemes, etc. The threshold signature scheme, in particular, is a group-oriented digital signature scheme that has been implemented in industries including blockchain technology and e-commerce and is currently garnering considerable attention. The objective of this paper is to propose a threshold signature scheme that offers both strong security and efficient computational cost when implemented on Elliptic curves in Edwards form. We analyze the security of the proposed scheme against known attacks, comparing the security and computational cost with other existing schemes in recent years. The result of the article is a threshold digital signature scheme with good potential for practical application in e-commerce systems and Blockchain technology.

Threshold Signature; Elliptic Curve; Edward; ECDSA; TS-EdDSA

[1] A. Roy and S. Karforma, “A survey on digital signatures and its applications,” Journal of Computer and Information Technology, vol.3, no.2, pp. 45-69, 2012.

[2] N. Asghar, A Survey on Blind Digital Signatures, University of Waterloo, ON, Canada, 2011.

[3] H. Kinkelin and F. Rezabek, “A Survey on Threshold Signature Schemes,” in Proceeding of Seminar IITM SS 20 - Network Architectures and Services, Informatics Technical University of Munich, 2020, pp. 49-53.

[4] S. Josefsson and I. Liusvaara, "Edwards-Curve Digital Signature Algorithm (EdDSA)," RFC 8032, 2017. [Online]. Available: https://www.rfc-editor.org/rfc/rfc8032. [Accessed Oct. 26, 2023].

[5] Y. Desmedt and Y. Frankel, “Threshold cryptosystems,” in Advances in Cryptology CRYPTO’ 89 Proceedings, Springer New York, 1990, pp. 307-315.

[6] S. Tang, “Simple Threshold RSA Signature Scheme Based on Simple Secret Sharing,” in Proceeding of International Conference on Computational and Information Science, Springer, 2005, pp. 186-191.

[7] R. Gennaro, S. Halevi, H. Krawczyk, and T. Rabin, “Threshold RSA for Dynamic and Ad-Hoc Groups,” in Proceeding of Advances in Cryptology – EUROCRYPT 2008, Springer, 2008, pp. 88-107.

[8] J. Dossogne, F. Lafitte, and D. V. Heule, “Secure and practical threshold RSA,” in Proceedings of the 6th International Conference on Security of Information and Networks, Aksaray Turkey, 2013, pp. 79-85.

[9] Gennaro and S. Goldfeder, “Fast multiparty threshold ECDSA with fast trustless setup,” In Proceeding of ACM CCS 2018, ACM Press, 2018, pp. 1179–1194.

[10] J. Doerner, Y. Kondi, E. Lee, and A. Shelat, “Threshold ECDSA from ECDSA Assumptions: The Multiparty Case,” 2019 IEEE Symposium on Security and Privacy (SP), 2019, pp. 1051-1066.

[11] Komlo and I. Goldberg, “Frost: flexible round-optimized schnorr threshold signatures,” in Proceeding of International Conference on Selected Areas in Cryptography, Springer, 2020, pp. 34–65.

[12] F. Garillot, Y. Kondi, P. Mohassel, and V. Nikolaenko, “Threshold Schnorr with Stateless Deterministic Signing from Standard Assumptions,” in Advances in Cryptology — CRYPTO 2021, Springer, 2021, pp. 26-28.

[13] M. Battagliola, R. Longo, A. Meneghetti, and M. Sala, “Provably Unforgeable Threshold EdDSA with an Offline Participant and Trustless Setup,” Mediterranean Journal of Mathematics, vol. 20, no. 253, pp. 1-30, 2023.

[14] C. Bonte, N. P. Smart, and T. Tanguy, “Thresholdizing HashEdDSA: MPC to the rescue,” in International Journal of Information Security, vol. 20, no. 6, pp. 879–894, 2021.

[15] D. J. Bernstein, N. Duif, T. Lange, P. Schwabe, and B.-Y. Yang, “High-speed high-security signatures,” in International Workshop on Cryptographic Hardware and Embedded Systems, Springer, 2011, pp. 124–142.

[16] D. Giry, “Recommendation for Key Management,” Special Publication 800-57 Part 1 Rev. 5, National Institute of Standards and Technology of America, May 2020. [Online]. Available: https://www.keylength.com/en/4/. [Accessed Oct. 14, 2023].

[17] V. N. Nguyen and Q. T. Do, “Attacks on elliptic curve digital signature algorithm related to the secret value k and proposed solutions to prevention,” Proceedings of the 15th National Conference on Fundamental and Applied Information Technology Research (FAIR), Ha Noi - Viet Nam, 2022, pp. 90-94.

[18] Romailler and Pelissier, “Practical Fault Attack against the Ed25519 and EdDSA Signature Schemes,” Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2017, pp. 1-22.

[19] P. -A. Fouque, R. Lercier, D. Réal, and F. Valette, "Fault Attack on Elliptic Curve Montgomery Ladder Implementation," 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography, Washington, DC, USA, 2008, pp. 92-98, doi: 10.1109/FDTC.2008.15.

[20] T. T. Dinh, Q. T. Nguyen, V. S. Nguyen, and V. D. Nguyen, “An algorithm to select a secure twisted elliptic curve in cryptography,” Journal of Science and Technology on Information security, no. 1 - CS15, pp. 17-25, 2022.

[21] M. Roetteler, M. Naehrig, K. M. Svore, and K. Lauter, “Quantum Resource Estimates for Computing Elliptic Curve Discrete Logarithms,” Cryptology ePrint Archive, no. 598, pp. 1-24, 2017.

[22] Federal Office for Information Security of Germany, “Recommendations and Key Lengths,” TR02102-1 v2023-01, BSI, March 2023. [Online]. Available: https://www.bsi.bund.de/SharedDocs/Downloads/ EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.html. [Accessed Oct. 14, 2023].