Pairing Based Threshold Cryptography Improving on Libert-Quisquater and Baek-Zheng

  • Yvo Desmedt
  • Tanja Lange
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4107)


In this paper we apply techniques from secret sharing and threshold decryption to show how to properly design an ID-based threshold system in which one assumes no trust in any party.

In our scheme:

– We avoid that any single machine ever knew the master secret s of the trusted authority (TA). Instead only shares of it will be known by parties of the distributed TA and it can be seen as a virtual key.

–The threshold t TA and the number of shareholders n TA used by the distributed TA do not need to be identical to the ones used by user ID. Moreover, each user ID can use its own values for the threshold t i and the number of parties n i that will acquire shares.

–No single machine will ever know the secret key of the user – this means no single machine in the distributed TA and no shareholder of the user ID and not ID itself.

Like Baek and Zheng suggest, such a scheme can be turned into a mediated system.


Threshold cryptography Mediated system Redistribution schemes Secret sharing ID-based cryptography Pairings Distributed keys 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Baek, J., Zheng, Y.: Identity-based threshold decryption. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 262–276. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  2. 2.
    Boneh, D., Ding, X., Tsudik, G.: Identity based encryption using mediated RSA. In: 3rd Workshop on Information Security Application, Proceedings (2002)Google Scholar
  3. 3.
    Boneh, D., Franklin, M.: Efficient generation of shared RSA keys. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 425–439. Springer, Heidelberg (1997)Google Scholar
  4. 4.
    Boneh, D., Franklin, M.: Identity based encryption from the Weil pairing. In Advances in Cryptology – Crypto 2001. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Boneh, D., Franklin, M.: Identity based encryption from the Weil pairing. SIAM J. Comput. 32(3), 586–615 (2003)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Canetti, R., Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Adaptive Security for Threshold Cryptosystems. In Advances in Cryptology – Crypto 1999. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 98–115. Springer, Heidelberg (1999)Google Scholar
  7. 7.
    Chen, L., Gollmann, D., Mitchell, C.: Key escrow in mutually mistrusting domains. In Security Protocols Workshop. In: Lomas, M. (ed.) Security Protocols 1996. LNCS, vol. 1189, pp. 139–153. Springer, Heidelberg (1997)Google Scholar
  8. 8.
    Desmedt, Y., Jajodia, S.: Redistributing secret shares to new access structures and its applications. Tech. Report ISSE-TR-97-01, George Mason University (July 1997),
  9. 9.
    Ding, X., Tsudik, G.: Simple Identity-Based Cryptography with Mediated RSA. In Topics in Cryptology – CT-RSA 2003. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 193–210. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Feldman, P.: A practical scheme for non-interactive verifiable secret sharing. In: 28th Annual Symp. on Foundations of Computer Science (FOCS), pp. 427–437. IEEE Computer Society Press, Los Alamitos (1987)Google Scholar
  11. 11.
    Frankel, Y., Gemmell, P., MacKenzie, P.D., Yung, M.: Optimal resilience proactive public key cryptosystems. In: 38th Annual Symp. on Foundations of Computer Science (FOCS), pp. 384–393. IEEE Computer Society Press, Los Alamitos (1997)Google Scholar
  12. 12.
    Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: The (in)security of distributed key generation in dlog-based cryptosystems. In Advances in Cryptology – Eurocrypt 1999. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 295–310. Springer, Heidelberg (1999)Google Scholar
  13. 13.
    Libert, B., Quisquater, J.-J.: Efficient revocation and threshold pairing based cryptosystems. In: Principles of Distributed Computing – PODC 2003, pp. 163–171. ACM Press, New York (2003)CrossRefGoogle Scholar
  14. 14.
    Pedersen, T.: A threshold cryptosystem without a trusted party. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522–526. Springer, Heidelberg (1991)Google Scholar
  15. 15.
    Pedersen, T.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)Google Scholar
  16. 16.
    Poupard, G., Stern, J.: Generation of shared RSA keys by two parties. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 11–24. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  17. 17.
    Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Yvo Desmedt
    • 1
  • Tanja Lange
    • 2
  1. 1.Information Security, Department of Computer ScienceUniversity College LondonUK
  2. 2.Technical University of DenmarkKongens LyngbyDenmark

Personalised recommendations