In a (t, n) threshold scheme, the secret can be reconstructed by the cooperation of t or more users. With this basic concept, Lee devised a threshold signature scheme with multiple signing policies in 2001. His approach still keeps the main benefit, that is, each member only needs to hold one secret shadow. In Lee's paper, any verifier can authenticate the legality of a group signature with the threshold value t. If a dispute arises, however, no one can trace the cosigners from the group signature. Therefore, we present a multi-policy threshold signature with the ability to recover participant cosigners. In the proposed scheme, different documents can be signed by a suitable threshold value t, and the cosigners are anonymous when they participate in the (t, n) threshold signature. If it is necessary to find out the participant cosigners, one can open the group signature with the help of the system center. Moreover, we also solve the linkage problem, meaning that an opened group signature will not disclose the participant cosigners of other group signatures. In our scheme, each user needs to keep one secret key, one secret shadow and two secret values.

• 出版日期2008-6