With that, they assume that signers use their personal trusted computing bases for generating signatures without any communication with servers.
First proposed in 1989 by Even, Goldreich and Micali[2][3][4] in order to speed up the signature creation procedure, which is usually much more time-consuming than verification.
Proposed in 1996 by Asokan, Tsudik and Waidner[12][13] in order to delegate the use of time-consuming operations of asymmetric cryptography from clients (ordinary users) to a server.
In SSS, signature servers are not assumed to be Trusted Third Parties (TTPs) because the transcript of the hash chain authentication phase can be used for non repudiation purposes.
Proposed in 2002 by Perrin, Bruns, Moreh and Olkin[15] in order to reduce the problems and costs related to individual private keys.
The main motivation behind DS was that private keys are difficult for ordinary users to use and easy for attackers to abuse.