A Threshold Scheme for SM2 Elliptic Curve Cryptographic Algorithm
SHANG Ming1, MA Yuan1,2,3, LIN Jing-Qiang2,3, JING Ji-Wu2,3
1. University of Chinese Academy of Sciences, Beijing 100049, China
2. Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, Beijing 100093, China
3. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
Abstract：In threshold cryptography, a private key is shared among multiple participants, and any private-key computation involves a threshold number of participants, hence to improve the security. When a small number of participants are unavailable, the shared private key is still available. A secure threshold cryptographic algorithm should satisfy that, (1) any t players can figure out the signature, the exchanged key or the plaintext, and t or less than t players cannot obtain any available information of the above results, and (2) the execution of the algorithm must not leak any information about the key or the subkeys. Compared with other cryptosystems, elliptic curve cryptosystem uses a much shorter key to achieve an equivalent level of security, thus is superior. In this paper, we design a threshold scheme for the SM2 elliptic curve cryptographic algorithm, consisting of a threshold signature scheme, a threshold key exchange protocol and a threshold decryption algorithm. In addition, we analyze the security and efficiency of the proposed SM2 threshold schemes. Our schemes can work with or without a trusted dealer, and have a small communication load. The security analysis indicates that, (1) the proposed threshold signature algorithm is secure in the presence of t eavesdropping (halting) faults if the total number of players is n≥2t+1(n≥3t+1), (2) the proposed threshold key exchange protocol and threshold decryption algorithm are secure in the presence of t eavesdropping (halting) faults if the total number of players is n≥t+1(n≥2t+1).