自區塊鏈問世以來，大眾對隱私的擔憂不斷提升。同時，密碼學的相關發展，如多方計算（MPC）、零知識證明和同態加密等，為閾值密碼學發展奠定了穩固基礎。本研究深入討論兩種主要類型的閾值ECDSA，並以演算法為例進行驗證。此外，根據回合數 、傳輸量以及計算量，對兩種算法進行全面性比較。另一方面，本研究進一步探討閾值加密技術的各種應用，包括TOPRF、TPPSS以及雲端計算中的各種應用。

Ever since the emergence of blockchain, the concerns to privacy have been rising among the public. Meanwhile, the advancements of cryptography, such as MPC (Multi Party Computation), zero-knowledge proof, and homomorphic encryption, etc., pave a consolidated foundation for the threshold cryptography development. In this study, two major types of threshold ECDSA were discussed in depth, and each of them was testified via an algorithm as an example. In addition, the two algorithms were also compared comprehensively based on the number of rounds, the amount of transmission, and the amount of calculation. Furthermore, various applications of threshold cryptography, including TOPRFs, TPPSS, and a variety of applications in cloud computing, were also explored in this study.

致謝 ii
摘要 iii
Abstract iv
Table of figures viii
Chapter 1. Introduction 9
Chapter 2. Definition and Tools 12
2.1 Decisional Composite Residuosity Assumption (DCRA) 12
2.2 Paillier cryptosystem11 12
2.3 Oblivious Transfer (OT) 13
2.4 Multiplication into addition 14
2.5 Schnorr’s zero-knowledge proof with Fiat–Shamir heuristic 15
Chapter 3. Standardization, Applications and Challenges of Threshold Cryptography 17
3.1 Standardization and recommendations of threshold cryptography 17
3.2 Challenges and issues in standardization of threshold cryptography 18
3.3 Security of threshold cryptography 20
3.3.1 Threshold values 20
3.3.2 Concerning tradeoff among security properties 20
3.3.3 Confidentiality, integrity and availability 20

3.3.4 Defining fx 21
3.4 Applications of threshold cryptography 22
3.4.1 Threshold Oblivious Pseudo-Random Functions (TOPRFs) 22
3.4.2 Threshold Oblivious Password Protected Secret Sharing (TOPPSS) 25
Chapter 4. Applications of threshold signature 27
4.1 Multi signature vs. Threshold signature 27
4.2 Threshold ECDSA 29
4.3 Securing Bitcoin wallets via a new DSA/ECDSA threshold signature scheme. 29
4.3.1 R Gennaro’s algorithm 30
4.3.2 Efficiency analysis 32
4.4 Threshold ECDSA from ECDSA Assumptions14, 15 34
4.4.1 Doerner’s algorithm 35
4.4.2 Efficiency analysis 37
4.5 Comparisons between the two studies 39
4.6 Other forms of threshold secret sharing 40
4.6.1 Weighted threshold47-51 40
Chapter 5. Threshold Cryptography on Cloud Computing 42
5.1 Introduction of cloud computing 42
5.2 The NIST definition of cloud computing 42
5.3 Threshold Cryptography on Cloud Computing 43

5.3.1 Threshold cryptography based on data security in cloud computing55 44
5.3.2 A secured key for cloud computing using threshold cryptography in Kerberos56 46
5.3.3 Searching for the optimal value for threshold on cloud computing57 48
Chapter 6. Conclusions 50
References 52

1. Shamir, A.: How to share a secret. Communications of the ACM 22, 612-613 (1979)
2. Desmedt, Y.: Threshold Cryptography. European Transactions on Telecommunications 5, 307-315 (1994)
3. Feldman, P.: A Practical Scheme for Non-interactive Verifiable Secret Sharing. 28th Annual Symposium on Foundations of Computer Science (1987)
4. Benny Chor, S.G., Silvio Micali, Baruch Awerbuch: Verifiable secret sharing and achieving simultaneity in the presence of faults. SFCS ''85 Proceedings of the 26th Annual Symposium on Foundations of Computer Science 383-395 (1985)
5. Alfredo De Santis, Y.D., Yair Frankel, Moti Yung: How to share a function securely. STOC ''94 Proceedings of the twenty-sixth annual ACM symposium on Theory of Computing 522-533 (1994)
6. Yvo Desmedt, Y.F.: Shared generation of authenticators and signatures. Annual International Cryptology Conference 457-469 (1991)
7. Pedersen, T.P.: A Threshold Cryptosystem without a Trusted Party. Workshop on the Theory and Application of of Cryptographic Techniques 522-526 (1911)
8. Brandão, L.T.A.N., Mouha, N., Vassilev, A.: Threshold Schemes for Cryptographic Primitives: Challenges and Opportunities in Standardization and Validation of Threshold Cryptography. NIST Internal Report (NISTIR) 8214 (2019)
9. Yao, A.C.: Protocols for secure computations. SFCS ''82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science 160-164 (1982)
10. Gilboa, N.: Two Party RSA Key Generation. Annual International Cryptology Conference 116-129 (1999)
11. Paillier, P.: Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. International Conference on the Theory and Applications of Cryptographic Techniques 223-238 (1999)
12. Schnorr, C.P.: Efficient Identification and Signatures for Smart Cards. Conference on the Theory and Application of Cryptology 239-252 (1989)
13. Steven Goldfeder, A.H.N., Rosario Gennaro, Harry Kalodner, Joseph Bonneau, Joshua A. Kroll, Edward W. Felten: Securing Bitcoin wallets via a new DSA/ECDSA threshold signature scheme. (2015)
14. Doerner, J., Kondi, Y., Lee, E., Shelat, A.: Secure Two-party Threshold ECDSA from ECDSA Assumptions. 2018 IEEE Symposium on Security and Privacy (SP), pp. 980-997 (2018)
15. Jack Doerner, Y.K., Eysa Lee, Abhi Shelat: Threshold ECDSA from ECDSA Assumptions: The Multiparty Case. IACR Cryptology ePrint Archive 2019 (2019)
16. Peter Mell, T.G.: The NIST Definition of Cloud Computing. NIST Special Publication 800-145 (2011)
17. Rabin, M.O.: How to Exchange Secrets with Oblivious Transfer. Harvard University Technical Report 81 (1981)
18. Lempel, S.E.G.: A Randomized Protocol for Signing Contracts. Advances in Cryptology 205-210 (1983)
19. Pinkas, M.N.a.B.: Oblivious Polynomial Evaluation. SIAM J. Comput. 35, 1254-1281 (2006)
20. Bill Aiello, Y.I., and Omer Reingold: Priced Oblivious Transfer: How to Sell Digital Goods. International Conference on the Theory and Applications of Cryptographic Techniques 119-135 (2001)
21. Sven Laur, H.L.: A New Protocol for Conditional Disclosure of Secrets And Its Applications. International Conference on Applied Cryptography and Network Security 207-225 (2007)
22. Vladimir Kolesnikov, R.K., Mike Rosulek, Ni Trieu: Efficient Batched Oblivious PRF with Applications to Private Set Intersection. CCS ''16 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security 818-829 (2016)
23. CREPEAU, G.B.a.C.: All-or Nothing Disclosure of Secrets. Conference on the Theory and Application of Cryptographic Techniques 234-238 (1986)
24. Y. Ishai, E.K.: Private simultaneous messages protocols with applications. Proceedings of the Fifth Israeli Symposium on Theory of Computing and Systems (1997)
25. Hui-Feng Huang, C.C.C.: A New t-out-n Oblivious Transfer with Low Bandwidth. Applied Mathematical Sciences 1, 311-320 (2007)
26. Yuval Ishai, J.K., Kobbi Nissim, and Erez Petrank: Extending Oblivious Transfers Efficiently. Annual International Cryptology Conference 145-161 (2003)
27. Tung Chou, C.O.: The Simplest Protocol for Oblivious Transfer. International Conference on Cryptology and Information Security in Latin America 40-58 (2015)
28. W. Diffie, M.H.: New Directions in Cryptography. IEEE Transactions on Information Theory 22, 644-654 (1976)
29. Amos Fiat, A.S.: How To Prove Yourself: Practical Solutions to Identification and Signature Problems. Conference on the Theory and Application of Cryptographic Techniques 186-194 (1986)
30. Technology, N.I.o.S.a.: Digital Signature Standard (DSS). FIPS PUB 186-4 (2013)
31. R.L. Rivest, A.S., and L. Adleman: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21, 120-126 (1978)
32. Oded Goldreich, S.G., Silvio Micali, Kazuo Ohta, Leonid Reyzin: How to construct random functions. Journal of the ACM 33, 792-807 (1986)
33. Moni Naor, O.R.: Number-Theoretic Constructions of Efficient Pseudo-Random Functions. Journal of the ACM 51, 231-262 (2004)
34. Michael J. Freedman, Y.I., Pinkas, Omer Reingold: Keyword Search and Oblivious Pseudorandom Functions. Theory of Cryptography Conference 303-324 (2005)
35. Stanisław Jarecki, X.L.: Efficient Oblivious Pseudorandom Function with Applications to Adaptive OT and Secure Computation of Set Intersection. Theory of Cryptography Conference 577-594 (2009)
36. Stanislaw Jarecki, H.K., Jason Resch: Threshold Partially-Oblivious PRFs with Applications to Key Management. Cryptology ePrint Archive: Report 2018/733 (2018)
37. Ali Bagherzandi, S.J., Yanbin Lu, Nitesh Saxena: Password-Protected Secret Sharing. Bibliometrics 433-444 (2011)
38. Michel Abdalla, M.C., Anca Nitulescu, and David Pointcheval: Robust Password-Protected Secret Sharing. ESORICS 2016 61-79 (2016)
39. Stanisl: TOPPSS: Cost-minimal Password-Protected Secret Sharing based on Threshold OPRF. International Conference on Applied Cryptography and Network Security 39-58 (2017)
40. Silvio Micali, K.O., Leonid Reyzin: Accountable-Subgroup Multisignatures. CCS ''01 Proceedings of the 8th ACM conference on Computer and Communications Security 245-254 (2001)
41. Raju GANGISHETTI, M.C.G., Manik Lal DAS, Ashutosh SAXENA: Identity Based Multisignatures. INFORMATICA 17, 177-186 (2006)
42. Harn, L.: Group-oriented (t,n)threshold digital signature scheme and digital multisignature. IEE Proceedings - Computers and Digital Techniques 141, 307-313 (1994)
43. Choonsik Park, K.K.: New ElGamal Type Threshold Digital Signature Scheme. (1996)
44. Chuan-Ming Li, T.H., Narn-Yih Lee: Remark on the Threshold RSA Signature Scheme. CRYPTO ''93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology 413-420 (1993)
45. Shoup, V.: Practical Threshold Signatures. EUROCRYPT''00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques 207-220 (2000)
46. Rosario Gennaro, S.G., Arvind Narayanan: Threshold-optimal DSA/ECDSA signatures and an application to Bitcoin wallet security. International Conference on Applied Cryptography and Network Security 156-174 (2016)
47. Dikshit, P., Singh, K.: Weighted threshold ECDSA for securing bitcoin wallet. ACCENTS Transactions on Information Security 2, 43-51 (2016)
48. Pratyush Dikshit, K.S.: Efficient Weighted Threshold ECDSA for Securing Bitcoin Wallet. 2017 ISEA Asia Security and Privacy (ISEASP) (2017)
49. P.Morillo, C.P., G.Sáez, J.L.Villar: Weighted threshold secret sharing schemes. Information Processing letters 70, 211-216 (1999)
50. Drăgan, C.C., Ţiplea, F.L.: Distributive weighted threshold secret sharing schemes. Information Sciences 339, 85-97 (2016)
51. Beimel, A., Tassa, T., Weinreb, E.: Characterizing Ideal Weighted Threshold Secret Sharing. SIAM Journal on Discrete Mathematics 22, 360-397 (2008)
52. Tassa, T.: Hierarchical Threshold Secret Sharing. Journal of Cryptology 20, 237-264 (2007)
53. Mark L. Badger, T.G., Robert Patt-Corner, Jeffrey M. Voas: Cloud Computing Synopsis and Recommendations. NIST Special Publication 800-146 (2012)
54. Fang Liu, J.T., Jian Mao, Robert B. Bohn, John V. Messina, Mark L. Badger, Dawn M. Leaf: NIST Cloud Computing Reference Architecture. Special Publication (NIST SP) - 500-292 (2011)
55. Saroj, S.K., Chauhan, S.K., Sharma, A.K., Vats, S.: Threshold Cryptography Based Data Security in Cloud Computing. 2015 IEEE International Conference on Computational Intelligence & Communication Technology, pp. 202-207 (2015)
56. Shubha Bharill, T.H., Praveen Lalwani: A Secure Key for Cloud using Threshold Cryptography in Kerberos. International Journal of Computer Applications 79, 35-41 (2013)
57. Janratchakool, W., Boonkrong, S., Smanchat, S.: Finding the Optimal Value for Threshold Cryptography on Cloud Computing. International Journal of Electrical and Computer Engineering (IJECE) 6, (2016)