How to construct efficient on-line/off-line threshold signature schemes through the simulation approach

An on-line/off-line threshold signature (OTS) scheme is a distributed cryptosystem in which a group of players jointly generate a signature for a message and use the on-line/off-line technique to improve the efficiency of signing. An OTS scheme can be applied to large-scaled distributed data storage systems and can highly improve the efficiency of writing files. There are two approaches to construct an ordinary threshold signature scheme: the direct approach and the simulation approach. Owing to its simplicity, people tend to use the simulation approach, in which the security of a threshold signature scheme is reduced to the security of its underlying (and simpler) signature scheme. The security proof in this approach is based on a theorem that guarantees the validity of the security reduction-we call this theorem the simulation theorem. However, the simulation theorem (and thus the simulation approach) for an ordinary threshold signature scheme cannot be applied to the on-line/off-line cases, because partial signature exposure problems might occur in these cases. This paper presents a simulation theorem for the on-line/off-line cases, where the security of an OTS scheme is reduced to the security of a so-called divisible on-line/off-line signature scheme. This provides a theoretical basis for constructing an OTS scheme through the simulation approach. Furthermore, through this approach, we present a concrete OTS scheme, which is efficient and its security proof is simple. Copyright (c) 2009 John Wiley & Sons, Ltd.