Threshold signatures are a fundamental cryptographic primitive with many practical applications. TAPS, proposed by Boneh and Komlo (CRYPTO'22), is a threshold signature that combines privacy with accountability: a combiner aggregates t signature shares into a signature that reveals nothing about the threshold t or the signing quorum to the public, while a tracer can trace a signature back to the quorum that produced it. TAPS, however, has three drawbacks: 1) it is built on a centralized model, 2) it assumes that both the combiner and the tracer are honest, and 3) its tracing is neither notarized nor dynamic. In this work we introduce Decentralized, Threshold, dynamically Accountable and Private Signature (DeTAPS), which provides decentralized combining and tracing, stronger privacy against untrusted combiners and tracers, and notarized, dynamic tracing. Specifically, we adopt Dynamic Threshold Public-Key Encryption (DTPKE) to notarize the tracing process dynamically, design non-interactive zero-knowledge proofs so that the notaries' actions are publicly verifiable, and use Key-Aggregate Searchable Encryption to bridge TAPS and DTPKE so that notaries can be awakened securely and efficiently. We also formalize the definitions and security requirements for DeTAPS, present a generic construction, and formally prove its security and privacy. To evaluate performance, we build a prototype based on SGX2 and Ethereum.
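As an added illustration (not code from the TAPS or DeTAPS papers), the following Python toy implements a t-of-n threshold Schnorr signature over a small safe-prime group. It makes concrete the two properties the abstract contrasts: the combined signature is an ordinary Schnorr signature, so a verifier sees neither t nor which quorum signed (privacy), while a tracing ledger lets a tracer map a signature back to its quorum (accountability). It also exposes the trust assumption that DeTAPS removes: the combiner and the tracer are a single honest party that merely records the quorum, so a lying combiner or a curious tracer defeats the scheme. The group parameters, the trusted dealer, the hash-to-scalar, the ledger and the sample message are this example's own assumptions; the protocol has no nonce binding and is not production-grade.

```python
"""Toy t-of-n threshold Schnorr with a trusted combiner/tracer.
Added illustration only: NOT the TAPS or DeTAPS construction.  The safe-prime
group, trusted dealer, hash-to-scalar and tracing ledger are assumptions."""
import hashlib
import secrets

_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # deterministic MR below 2**64

def is_prime(n):
    """Miller-Rabin, deterministic for n < 2**64 with the bases above."""
    if n < 2:
        return False
    for sp in _MR_BASES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime_group(start=2**62 + 1):
    """Smallest safe prime p = 2q + 1 with q >= start; returns (p, q, g)."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4  # 4 = 2**2 is a quadratic residue != 1, so it has order q

P, Q, G = safe_prime_group()

def enc(x):
    return x.to_bytes(8, "big")  # p < 2**64 for the group above

def hash_to_scalar(*parts):
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % Q

def shamir_share(secret, t, n):
    """Shares secret as f(1..n) for a random degree-(t-1) polynomial with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q for i in range(1, n + 1)}

def lagrange_at_zero(i, quorum):
    lam = 1
    for j in quorum:
        if j != i:
            lam = lam * j * pow(j - i, -1, Q) % Q
    return lam

def keygen(t, n):
    """Trusted dealer (an assumption of this toy): group secret x, its shares, and pk = g^x."""
    x = secrets.randbelow(Q - 1) + 1
    return pow(G, x, P), shamir_share(x, t, n)

def threshold_sign(pk, shares, quorum, msg):
    """Two-round signing by `quorum`; the output is a plain Schnorr signature (R, s)."""
    quorum = sorted(quorum)
    nonces = {i: secrets.randbelow(Q - 1) + 1 for i in quorum}  # round 1: each signer picks k_i
    R = 1
    for i in quorum:
        R = R * pow(G, nonces[i], P) % P                         # R = g^(sum k_i)
    e = hash_to_scalar(enc(R), enc(pk), msg)
    # round 2: s_i = k_i + e * lambda_i * x_i ; the combiner adds the partial signatures
    s = sum(nonces[i] + e * lagrange_at_zero(i, quorum) * shares[i] for i in quorum) % Q
    return R, s

def verify(pk, msg, sig):
    """Needs neither t nor the quorum: checks g^s == R * pk^e."""
    R, s = sig
    e = hash_to_scalar(enc(R), enc(pk), msg)
    return pow(G, s, P) == R * pow(pk, e, P) % P

class TrustedCombinerTracer:
    """The centralized trust assumption made explicit: one honest party combines the
    shares and holds the only record mapping a signature to its quorum."""
    def __init__(self, pk, shares):
        self.pk, self.shares, self.ledger = pk, shares, {}

    def combine(self, quorum, msg):
        sig = threshold_sign(self.pk, self.shares, quorum, msg)
        self.ledger[(msg, sig)] = frozenset(quorum)  # private; a dishonest combiner can lie here
        return sig

    def trace(self, msg, sig):
        return self.ledger.get((msg, sig))

def demo(t=3, n=5):
    pk, shares = keygen(t, n)
    party = TrustedCombinerTracer(pk, shares)
    msg = b"release build 1.2.3"  # constructed sample message
    sig_a = party.combine({1, 2, 3}, msg)
    sig_b = party.combine({2, 4, 5}, msg)
    return {
        "both_verify": verify(pk, msg, sig_a) and verify(pk, msg, sig_b),  # public learns no quorum
        "traced_a": party.trace(msg, sig_a),
        "traced_b": party.trace(msg, sig_b),
        "below_threshold_verifies": verify(pk, msg, threshold_sign(pk, shares, {1, 2}, msg)),
    }
```

Running `demo()` shows that signatures from the quorums {1, 2, 3} and {2, 4, 5} both verify under the same public key and are indistinguishable in form, that only the ledger holder can tell them apart, and that two shares of a 3-of-5 key yield a signature that fails to verify. Everything the abstract adds on top (decentralized combining, notarized dynamic tracing via DTPKE, zero-knowledge proofs of notary behaviour) is exactly what this toy lacks.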