Abstract
In the traditional scenario in cryptography there is one sender, one receiver, and an opponent who is an active or passive eavesdropper. Depending on the application, the sender, the receiver, or both need to use a secret key. Often, however, the sender or receiver is not an individual but an organization. The goal of threshold cryptography is to provide practical schemes that solve such problems without resorting to the more general methods of mental games.
In this paper we survey some recent research results on this topic, in particular: DSS-based threshold signatures, robust threshold cryptography, threshold cryptography without a trusted dealer, more optimal secret sharing schemes for threshold cryptography, proactive threshold cryptography and its generalizations.
A part of this work has been supported by NSF Grant NCR-9508528, the E.P.S.R.C. and by CNR AI n.94.00011.
© 1998 Springer-Verlag Berlin Heidelberg
Desmedt, Y. (1998). Some recent research aspects of threshold cryptography. In: Okamoto, E., Davida, G., Mambo, M. (eds) Information Security. ISW 1997. Lecture Notes in Computer Science, vol 1396. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0030418
DOI: https://doi.org/10.1007/BFb0030418
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64382-1
Online ISBN: 978-3-540-69767-1