On Signature Schemes with Threshold Veriication Detecting Malicious Veriiers on Signature Schemes with Threshold Veriication Detecting Malicious Veriiers

While in the ordinary digital signature model one veriier is suucient to check the validity of a given signature, there are situations in which only t out of a group of n veriiers should be able to verify the signatures. These veriiers can either be anonymous, non-anonymous or convertible non-anonymous. So far, only schemes for the anonymous shared veriication signature concept have been suggested. They suuer from diierent drawbacks, especially the assumption, that all t veriiers must be honest during the veriication. In this paper, the drawbacks are discussed and an improved scheme is suggested. Furthermore, new protocols for the two other concepts are presented. Some solutions will demonstrate the close relation between signature schemes with threshold veriication and threshold cryptosystems. Abstract. While in the ordinary digital signature model one veriier is suucient to check the validity of a given signature, there are situations in which only t out of a group of n veriiers should be able to verify the signatures. These veriiers can either be anonymous, non-anonymous or convertible non-anonymous. So far, only schemes for the anonymous shared veriication signature concept have been suggested. They suuer from diierent drawbacks, especially the assumption, that all t veriiers must be honest during the veriication. In this paper, the drawbacks are discussed and an improved scheme is suggested. Furthermore, new protocols for the two other concepts are presented. Some solutions will demonstrate the close relation between signature schemes with threshold veriication and threshold cryptosystems.