Cryptology ePrint Archive: Report 2010/207

Increased Resilience in Threshold Cryptography: Sharing a Secret with Devices That Cannot Store Shares

Koen Simoens and Roel Peeters and Bart Preneel

Abstract: Threshold cryptography has been used to secure data and control access by sharing a private cryptographic key over different devices. This means that a minimum number of these devices, the threshold $t+1$, need to be present to use the key. The benefits are increased security, because an adversary can compromise up to $t$ devices, and resilience, since any subset of $t+1$ devices is sufficient.

Many personal devices are not suitable for threshold schemes, because they do not offer secure storage, which is needed to store shares of the private key. This article presents several protocols in which shares are stored in protected form (possibly externally). This makes them suitable for low-cost devices with a factory-embedded key, e.g., car keys and access cards. All protocols are verifiable through public broadcast, thus without private channels. In addition, distributed key generation does not require all devices to be present.

Category / Keywords: public-key cryptography / threshold cryptography

Date: received 14 Apr 2010, last revised 17 Aug 2010

Contact author: roel peeters at esat kuleuven be

Available formats: PDF | BibTeX Citation

Note: Public key extraction phase of the DKG protocol was altered to a more efficient one

Version: 20100817:091247 (All versions of this report)

Discussion forum: Show discussion | Start new discussion