A $(t,n)$-threshold signature scheme enables distributed signing among $n$ players such that any subset of size at least $t$ can sign, whereas any subset with fewer players cannot. The goal is to produce threshold digital signatures that are compatible with an existing centralized signature scheme. Starting from the threshold scheme for the ECDSA signature due to Battagliola et al., we present the first protocol that supports EdDSA multi-party signatures with an offline participant during the key-generation phase, without relying on a trusted third party. Under standard assumptions, we prove our scheme secure against adaptive malicious adversaries. Furthermore, we show how our security notion can be strengthened when considering a rushing adversary. We discuss the resiliency of the recovery in the presence of a malicious party. Using a classical game-based argument, we prove that if there is an adversary capable of forging the scheme with non-negligible probability, then we can build a forger for the centralized EdDSA scheme that succeeds with non-negligible probability.