Threshold signatures are a fundamental cryptographic primitive used in many practical applications. TAPS, proposed by Boneh and Komlo (CRYPTO'22), is a threshold signature scheme that combines privacy with accountability: a combiner can combine t signature shares while revealing nothing about the threshold t or the signing quorum to the public, and a tracer can trace a signature back to the quorum that generated it. However, TAPS has three disadvantages: it 1) is built on a centralized model, 2) assumes that both the combiner and the tracer are honest, and 3) leaves the tracing unnotarized and static. In this work, we introduce Decentralized, Threshold, dynamically Accountable and Private Signature (DeTAPS), which provides decentralized combining and tracing, enhanced privacy against untrusted combiners (tracers), and notarized and dynamic tracing. Specifically, we adopt Dynamic Threshold Public-Key Encryption (DTPKE) to dynamically notarize the tracing process, design non-interactive zero-knowledge proofs to achieve public verifiability of the notaries, and utilize Key-Aggregate Searchable Encryption to bridge TAPS and DTPKE so that the notaries can be awakened securely and efficiently. In addition, we formalize the definitions and security requirements for DeTAPS. We then present a generic construction and formally prove its security and privacy. To evaluate the performance, we build a prototype based on SGX2 and Ethereum.