Threshold signatures are a fundamental cryptographic primitive used in many practical applications. TAPS, proposed by Boneh and Komlo (CRYPTO'22), is a threshold signature scheme that combines privacy with accountability: a combiner can combine t signature shares into a signature that reveals nothing about the threshold t or the signing quorum to the public, while a tracer can trace a signature back to the quorum that produced it. However, TAPS has three disadvantages: it 1) is built on a centralized model, 2) assumes that both the combiner and the tracer are honest, and 3) leaves the tracing process unnotarized and static. In this work, we introduce Decentralized, Threshold, dynamically Accountable and Private Signature (DeTAPS), which provides decentralized combining and tracing, enhanced privacy against untrusted combiners (tracers), and notarized, dynamic tracing. Specifically, we adopt Dynamic Threshold Public-Key Encryption (DTPKE) to dynamically notarize the tracing process, design non-interactive zero-knowledge proofs to achieve public verifiability of the notaries, and utilize Key-Aggregate Searchable Encryption to bridge TAPS and DTPKE so that the notaries can be awakened securely and efficiently. In addition, we formalize the definitions and security requirements for DeTAPS. We then present a generic construction and formally prove its security and privacy. To evaluate the performance, we build a prototype based on SGX2 and Ethereum.