Lightweight Threshold Key Management with BLS Signatures for Distributed IoT Perception Networks

As the scale of IoT perception-layer devices expands and security threats become increasingly complex, traditional centralized key management solutions are unable to meet security requirements in resource-constrained scenarios due to high single-point failure risks and high communication overhead. To this end, this paper proposes a distributed key management scheme based on threshold secret sharing and aggregate signature, aiming to solve the problems of physical hijacking attacks and adaptability to dynamic environments. Firstly, a key sharding mechanism based on Shamir (k, n) threshold strategy is designed. The distributed storage and dynamic reconstruction of the master key are realized through polynomial construction and Lagrange interpolation, ensuring that the leakage of a single node cannot threaten the global security. Secondly, the BLS (Boneh-Lynn-Shacham) aggregate signature technology is introduced to optimize the integrity and identity authentication process of shard transmission, compressing the communication overhead to 32 bytes/shard, which is 67% lower than the traditional ECDSA solution. Experimental results show that the key recovery delay of this scheme on the STM32H7 platform is less than 10ms, the success rate of resisting physical hijacking attacks is 99.2%, and the sharding reconstruction efficiency is significantly better than the existing schemes. In addition, through verification in smart grid and industrial Internet of Things scenarios, the solution supports dynamic key updates and real-time response (delay <5ms) in high-concurrency environments, providing a lightweight and highly robust key management paradigm for large-scale Internet of Things deployments. Future research will further explore the integration of post-quantum cryptography and hardware acceleration optimization to address quantum computing threats and improve system scalability.