In an out of n threshold scheme, out of n members must cooperate to recover a secret. A kleptographic attack is a backdoor which can be implemented in an algorithm and further used to retrieve a user's secret key. We combine the notions of threshold scheme and kleptographic attack to construct the first out of n threshold kleptographic attack on discrete logarithm based digital signatures and prove its security in the standard and random oracle models. Definition 6 (Indistinguishability from

more »

... dom Bitsind$). The security model of indistinguishability from random bits for a PKE scheme AE is captured in the following game: KeyGen(λ): The challenger C generates the public key, sends it to adversary A and keeps the matching secret key to himself. Query: Adversary A sends C a message m. The challenger encrypts m and obtains the ciphertext c 0 . Let c 1 be a randomly chosen element from the same set as c 0 . The challenger flips a coin b ∈ {0, 1} and returns c b to the adversary. Guess: In this phase, the adversary outputs a guess b ∈ {0, 1}. He wins the game, if b = b.