Simulatability and security of certificateless threshold signatures

Licheng Wang, Zhenfu Cao*, Xiangxue Li, Haifeng Qian
Department of Computer Science and Engineering, Shanghai Jiao Tong University, 1954 Huashan Road, Shanghai 200030, People's Republic of China

Received 21 September 2005; received in revised form 1 August 2006; accepted 4 August 2006

Information Sciences 177 (2007) 1382–1394
www.elsevier.com/locate/ins

Abstract

We analyze the relationship between the notion of certificateless public key cryptography (CL-PKC) and identity-based schemes without a trusted private key generator (PKG), formally define the security of certificateless threshold signatures, and propose a concrete implementation based on bilinear pairings. To establish the security of our proposal, we develop the theory of simulatability and the relationship between certificateless threshold signatures and the underlying (non-threshold) ID-based signatures. We show that the proposed scheme is robust and existentially unforgeable against adaptively chosen message attacks under the CDH assumption in the random oracle model.

© 2006 Elsevier Inc. All rights reserved.

Keywords: Digital signature; Key escrow; Certificateless; Threshold; Provable security; Simulatability

An extended abstract of this paper was presented at the International Conference on Computational Intelligence and Security (CIS), Xi'an, China, December 2005.
* Corresponding author. Tel.: +86 21 34204642.
E-mail addresses: wanglc@cs.sjtu.edu.cn (L. Wang), zfcao@cs.sjtu.edu.cn (Z. Cao).
0020-0255/$ - see front matter. doi:10.1016/j.ins.2006.08.008

1. Introduction

1.1. CA-based signatures and ID-based signatures

In a digital signature scheme, the user needs assurance about the relationship between a public key and the identity (or authority) of the holder of the corresponding private key. In traditional public key cryptography (PKC), such assurance is obtained by using a certificate that is digitally signed by a "Trusted Third Party (TTP)", also termed a "Certification Authority (CA)". Today, the management of the infrastructure supporting certificates, including revocation, storage, distribution and the computational cost of certificate verification, is the main complaint against traditional public key infrastructure (PKI). These problems are particularly acute in environments with limited processing power or bandwidth.