Title: Threshold Signatures With Verifiably Timed Combining and Message-Dependent Tracing
Authors: Meng Li; Hanni Ding; Yifei Chen; Yan Qiao; Zijian Zhang; Liehuang Zhu; Mauro Conti
DOI: 10.1109/TIFS.2025.3607250
Journal: IEEE Transactions on Information Forensics and Security, vol. 20, pp. 9477-9491
Publication date: 2025-09-08
Publication type: Journal Article
Impact factor: 8.0
JCR: Q1 (Computer Science, Theory & Methods)
Region category: Computer Science
Open access: no
Source: https://ieeexplore.ieee.org/document/11153543/
Platform: Semanticscholar
Citations: 0
Abstract
Threshold Signatures With Verifiably Timed Combining and Message-Dependent Tracing
Threshold Signature (TS) is one of the fundamental cryptographic primitives adopted in many practical applications. Current Threshold, Accountable, and Private Signature (TAPS) schemes suffer from delayed combining, unverifiable combining, and message-independent tracing. More precisely, a malicious combiner may delay the combination of signature shares and replace some signature shares from honest signers with ones from colluding signers, and an unrestricted tracer can reveal signers’ identities arbitrarily. In this work, we introduce a new scheme called TiMTAPS under a stronger security model. First, we sew homomorphic time-lock puzzles into the Schnorr signature, allowing puzzles to be combined and opened as needed. Second, we knit the Schnorr signature with homomorphic commitment for verifiable combining. Third, we infuse the combining phase with an identity-based key encapsulation mechanism for message-dependent tracing. Next, we formalize the definitions and requirements for TiMTAPS. Then, we present a concrete construction and formally prove its privacy and security. We build a prototype of TiMTAPS based on Ethereum. Results from extensive experiments exhibit its practicability and efficiency, e.g., combining (tracking) 10 signature sets with a threshold value of 5 requires only 3.72 s (12.44 s) for the threshold signature.
About the journal:
The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features.