Efficient Distributed Key Generation For Threshold Signatures Dfinity

Oct 06, 2017  The secure generation of the group signing keys is thus critical to both block notarization and the randomness that secures the threshold relay consensus process. DFINITY uses. Feb 07, 2019  Efficient Distributed Key Generation for Threshold Signatures - Mahnush Movahedi Stanford Blockchain Conference (SBC) '19, January 30th.

A threshold cryptosystem, the basis for the field of threshold cryptography, is a cryptosystem that protects information by encrypting it and distributing it among a cluster of fault-tolerant computers. The message is encrypted using a public key, and the corresponding private key is shared among the participating parties. With a threshold cryptosystem, in order to decrypt an encrypted message or to sign a message, several parties (more than some threshold number) must cooperate in the decryption or signature protocol.

History

Perhaps the first system with complete threshold properties for a trapdoor function (such as RSA) and a proof of security was published in 1994 by Alfredo De Santis, Yvo Desmedt, Yair Frankel, and Moti Yung.[1]

Historically, only organizations with very valuable secrets, such as certificate authorities, the military, and governments, made use of this technology. One of the earliest implementations was done in the 1990s by Certco for the planned deployment of the original Secure electronic transaction.[2] However, in October 2012, after a number of large public website password ciphertext compromises, RSA Security announced that it would release software to make the technology available to the general public.[3]

In March 2019, the National Institute of Standards and Technology (NIST) conducted a workshop on threshold cryptography to establish consensus on applications, and define specifications.[4] In November, NIST published a draft roadmap 'towards the standardization of threshold schemes for cryptographic primitives' as NISTIR 8214A.[5][6]

Methodology

Let n be the number of parties. Such a system is called (t,n)-threshold if at least t of these parties can efficiently decrypt the ciphertext, while fewer than t have no useful information. Similarly, it is possible to define a (t,n)-threshold signature scheme, where at least t parties are required for creating a signature.
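The (t,n)-threshold property above, shown as an added example that is not part of the original article: a toy threshold ElGamal decryption in which the private key is Shamir-shared and each party contributes only a partial decryption, so the key is never reassembled. The choice of ElGamal, the tiny group parameters, the function names, the message, and the use of a single dealer to create the shares (rather than distributed key generation) are all assumptions made for illustration.

```python
import secrets

# Toy group (constructed, far too small for real use): P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def share_key(x, t, n):
    """Shamir-share x over Z_Q: any t of the n shares determine x."""
    coeffs = [x] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def encrypt(h, m):
    """ElGamal encryption of subgroup element m under public key h = G^x."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(h, r, P) % P

def partial_decrypt(c1, share):
    """One party's contribution c1^{x_i}; the share itself stays with the party."""
    return pow(c1, share, P)

def lagrange_at_zero(i, ids):
    """Lagrange coefficient of party i, evaluated at 0, modulo Q."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def combine(ciphertext, partials):
    """Combine partial decryptions {party_id: c1^{x_i}} into a plaintext."""
    c1, c2 = ciphertext
    ids = list(partials)
    mask = 1
    for i, d in partials.items():
        mask = mask * pow(d, lagrange_at_zero(i, ids), P) % P
    return c2 * pow(mask, -1, P) % P

def demo(t=3, n=5):
    x = secrets.randbelow(Q - 1) + 1   # dealer's key (assumption: trusted dealer)
    shares = share_key(x, t, n)
    m = pow(G, 123, P)                 # constructed message, a subgroup element
    ct = encrypt(pow(G, x, P), m)
    enough = {i: partial_decrypt(ct[0], shares[i]) for i in (1, 3, 5)}
    too_few = {i: partial_decrypt(ct[0], shares[i]) for i in (2, 4)}
    return m, combine(ct, enough), combine(ct, too_few)

if __name__ == "__main__":
    print(demo())
```

With three partial decryptions the second returned value equals the message; with two, interpolation yields an unrelated exponent and the third value is wrong except with probability about 1/Q in this toy group.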

Versions

Threshold versions of encryption or signature schemes can be built for many asymmetric cryptographic schemes. The natural goal of such schemes is to be as secure as the original scheme. Such threshold versions have been defined by the above and by the following:[7]

  • Damgård–Jurik cryptosystem[8][9]
  • DSA[10][11]
  • ECDSA[12][13]

Application

The most common application is in the storage of secrets in multiple locations to prevent the capture of the ciphertext and the subsequent cryptanalysis on that ciphertext. Most often the secrets that are 'split' are the secret key material of a public key cryptography key pair or the ciphertext of stored password hashes.

References

  1. Alfredo De Santis, Yvo Desmedt, Yair Frankel, Moti Yung: How to share a function securely. STOC 1994: 522-533
  2. Visa and Mastercard have just announced the selection of two companies -- CertCo and Spyrus, 1997-05-20, retrieved 2019-05-02.
  3. Tom Simonite (2012-10-09). 'To Keep Passwords Safe from Hackers, Just Break Them into Bits'. Technology Review. Retrieved 2019-05-02.
  4. 'Threshold Cryptography'. csrc.nist.gov. 2019-03-20. Retrieved 2019-05-02.
  5. Computer Security Division, Information Technology Laboratory (2018-07-25). 'NIST Releases Draft NISTIR 8214 for Comment | CSRC'. CSRC | NIST. Retrieved 2020-03-24.
  6. Brandão, Luís T. A. N.; Davidson, Michael; Vassilev, Apostol (2019-11-08). 'Towards NIST Standards for Threshold Schemes for Cryptographic Primitives: A Preliminary Roadmap'.
  7. Jonathan Katz, Moti Yung: Threshold Cryptosystems Based on Factoring. ASIACRYPT 2002: 192-205
  8. Ivan Damgård, Mads Jurik: A Length-Flexible Threshold Cryptosystem with Applications. ACISP 2003: 350-364
  9. Ivan Damgård, Mads Jurik: A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System. Public Key Cryptography 2001: 119-136
  10. Rosario Gennaro, Stanislaw Jarecki, Hugo Krawczyk, Tal Rabin: Robust Threshold DSS Signatures. EUROCRYPT 1996: 354-371
  11. 'Distributed Privacy Guard (DKGPG)'. 2017.
  12. Green, Marc; Eisenbarth, Thomas (2015). 'Strength in Numbers: Threshold ECDSA to Protect Keys in the Cloud' (PDF).
  13. Gennaro, Rosario; Goldfeder, Steven; Narayanan, Arvind (2016). 'Threshold-optimal DSA/ECDSA signatures and an application to Bitcoin wallet security' (PDF).

Retrieved from 'https://en.wikipedia.org/w/index.php?title=Threshold_cryptosystem&oldid=947213210'