Paper 2019/104

BADGER - Blockchain Auditable Distributed (RSA) key GEneRation

Naomi Farley, Robert Fitzpatrick, and Duncan Jones


Migration of security applications to the cloud poses unique challenges in key management and protection: asymmetric keys which would previously have resided in tamper-resistant, on-premise Hardware Security Modules (HSM) now must either continue to reside in non-cloud HSMs (with attendant communication and integration issues) or must be removed from HSMs and exposed to cloud-based threats beyond an organization's control, e.g. accidental loss, warranted seizure, theft etc. Threshold schemes offer a halfway house between traditional HSM-based key protection and native cloud-based usage. Threshold signature schemes allow a set of actors to share a common public key, generate fragments of the private key and to collaboratively sign messages, such that as long as a sufficient quorum of actors sign a message, the partial signatures can be combined into a valid signature. However, threshold schemes, while being a mature idea, suffer from large protocol transcripts and complex communication-based requirements. This consequently makes it a more difficult task for a user to verify that a public key is, in fact, a genuine product of the protocol and that the protocol has been executed validly. In this work, we propose a solution to these auditability and verication problems, reporting on a prototype cloud-based implementation of a threshold RSA key generation and signing system tightly integrated with modern distributed ledger and consensus techniques.

Available format(s)
Public-key cryptography
Publication info
Preprint. MINOR revision.
digital signaturesdistributed cryptographyimplementationpublic-key cryptographyRSAthreshold cryptography
Contact author(s)
duncan jones @ thalesesecurity com
2019-02-07: revised
2019-02-05: received
See all versions
Short URL
Creative Commons Attribution


      author = {Naomi Farley and Robert Fitzpatrick and Duncan Jones},
      title = {BADGER - Blockchain Auditable Distributed (RSA) key GEneRation},
      howpublished = {Cryptology ePrint Archive, Paper 2019/104},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.