Paper 2010/207

Increased Resilience in Threshold Cryptography: Sharing a Secret with Devices That Cannot Store Shares

Koen Simoens, Roel Peeters, and Bart Preneel


Threshold cryptography has been used to secure data and control access by sharing a private cryptographic key over different devices. This means that a minimum number of these devices, the threshold $t+1$, need to be present to use the key. The benefits are increased security, because an adversary can compromise up to $t$ devices, and resilience, since any subset of $t+1$ devices is sufficient. Many personal devices are not suitable for threshold schemes, because they do not offer secure storage, which is needed to store shares of the private key. This article presents several protocols in which shares are stored in protected form (possibly externally). This makes them suitable for low-cost devices with a factory-embedded key, e.g., car keys and access cards. All protocols are verifiable through public broadcast, thus without private channels. In addition, distributed key generation does not require all devices to be present.

Note: Public key extraction phase of the DKG protocol was altered to a more efficient one

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
threshold cryptography
Contact author(s)
roel peeters @ esat kuleuven be
2010-08-17: revised
2010-04-19: received
See all versions
Short URL
Creative Commons Attribution


      author = {Koen Simoens and Roel Peeters and Bart Preneel},
      title = {Increased Resilience in Threshold Cryptography: Sharing a Secret with Devices That Cannot Store Shares},
      howpublished = {Cryptology ePrint Archive, Paper 2010/207},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.