Cryptology ePrint Archive: Report 2019/104

BADGER - Blockchain Auditable Distributed (RSA) key GEneRation

Naomi Farley and Robert Fitzpatrick and Duncan Jones

Abstract: Migration of security applications to the cloud poses unique challenges in key management and protection: asymmetric keys which would previously have resided in tamper-resistant, on-premise Hardware Security Modules (HSM) now must either continue to reside in non-cloud HSMs (with attendant communication and integration issues) or must be removed from HSMs and exposed to cloud-based threats beyond an organization's control, e.g. accidental loss, warranted seizure, theft etc.

Threshold schemes offer a halfway house between traditional HSM-based key protection and native cloud-based usage. Threshold signature schemes allow a set of actors to share a common public key, generate fragments of the private key and to collaboratively sign messages, such that as long as a sufficient quorum of actors sign a message, the partial signatures can be combined into a valid signature.

However, threshold schemes, while being a mature idea, suffer from large protocol transcripts and complex communication-based requirements. This consequently makes it a more difficult task for a user to verify that a public key is, in fact, a genuine product of the protocol and that the protocol has been executed validly. In this work, we propose a solution to these auditability and veri cation problems, reporting on a prototype cloud-based implementation of a threshold RSA key generation and signing system tightly integrated with modern distributed ledger and consensus techniques.

Category / Keywords: public-key cryptography / digital signatures, distributed cryptography, implementation, public-key cryptography, RSA, threshold cryptography

Date: received 1 Feb 2019, last revised 7 Feb 2019

Contact author: duncan jones at thalesesecurity com

Available format(s): PDF | BibTeX Citation

Version: 20190207:121807 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]