github.com/cloudflare/circl@v1.5.0/tss/rsa/README.md

github.com/cloudflare/circl@v1.5.0/tss/rsa/README.md (about)

     1  # RSA Threshold Signatures
     2  
     3  This is an implementation of ["Practical Threshold Signatures" by Victor Shoup](https://www.iacr.org/archive/eurocrypt2000/1807/18070209-new.pdf).
     4  Protocol 1 is implemented.
     5  
     6  ## Threshold Primer
     7  
     8  Let *l* be the total number of players, *t* be the number of corrupted players, and *k* be the threshold.
     9  The idea of threshold signatures is that at least *k* players need to participate to form a valid signature.
    10  
    11  Setup consists of a dealer generating *l* key shares from a key pair and "dealing" them to the players. In this implementation the dealer is trusted.
    12  
    13  During the signing phase, at least *k* players use their key share and the message to generate a signature share.
    14  Finally, the *k* signature shares are combined to form a valid signature for the message.
    15  
    16  ## Modifications
    17  
    18  1. Our implementation is not robust. That is, the corrupted players can prevent a valid signature from being formed by the non-corrupted players. As such, we remove all verification.
    19  2. The paper requires p and q to be safe primes. We do not.