
The Dark Side of Threshold Cryptography

  • Conference paper
Financial Cryptography (FC 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2357)
Abstract

It is typical for a cryptographic technology to be useful in its primary goal and applications, yet also to exhibit a dark side, namely to allow abuses in some other situations. Examples are subliminal channels in strong (randomized) signature schemes, employing authentication for encryption, kleptography exploiting strong randomness, etc. Threshold cryptography was introduced to realize better security and availability. However, its “dark side” has never been addressed seriously. We investigate some possible abuses of threshold cryptography which result from users not possessing the entire private key due to threshold splitting. This is a deficiency which can hurt de-commitment in procedures like “contract signing” and nullify non-transferability properties. To attempt solving the problem, one may suggest assuring that the user has full control of his private key via a zero-knowledge confirmation. However, advances in cryptography itself defeat this, since the Completeness Theorem for secure computations implies that servers in possession of shares of a key can answer on behalf of the “virtual holder” of the entire private key, without compromising the secrecy of their shares. We are then forced to look at more physical limitations of the setting. We propose a notion we call Verifiable Secret Non-Sharing (VSNS) where we can replace the strong (i.e., less realistic) physical isolation assumption (namely, a Faraday cage) with a more realistic timing assumption. We then introduce a new class of “combined software engineering and cryptography” adversarial capability, which employs software preprocessing and cryptography in breaking all previous suggestions to our problem. It seems that the adversary is so powerful that we have to rely on a certain tamper-resistant device to block it. We show how to prevent a malicious participant from compromising the secrecy of the provers’ secret keys in this case. Our treatment is a step towards a model of computing with trusted and non-trusted tamper-proof (black box) elements.
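The abstract's central obstacle, that servers holding shares of a key can answer a zero-knowledge confirmation on behalf of the "virtual holder" without exposing their shares, shown as an added example that is not code from the paper: a Schnorr identification challenge is answered once by a single holder of the full key and once by a 2-of-3 quorum of Shamir shareholders, and the verifier's check accepts both transcripts identically. The paper argues this from the general Completeness Theorem; this example instantiates it with a specific distributed Schnorr protocol instead of generic multi-party computation. The toy group parameters and all function names are constructed for this example.

```python
import secrets

# Toy group parameters constructed for this example: p = 2q + 1, q prime, g = 4 generates the order-q subgroup.
P, Q, G = 2039, 1019, 4

def lagrange_at_zero(i, ids):
    """Lagrange coefficient of share i when interpolating f(0) from the points in ids (mod q)."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def shamir_split(x, t, n):
    """Split private key x into n Shamir shares; any t of them determine x, fewer reveal nothing."""
    coeffs = [x] + [secrets.randbelow(Q - 1) + 1 for _ in range(t - 1)]   # nonzero coefficients
    return {i: sum(a * pow(i, k, Q) for k, a in enumerate(coeffs)) % Q for i in range(1, n + 1)}

def schnorr_verify(y, R, c, s):
    """The verifier's check on a Schnorr identification transcript (R, c, s) for public key y."""
    return pow(G, s, P) == R * pow(y, c, P) % P

def single_holder_transcript(x, c):
    """The honest case the verifier expects: one party holding all of x answers challenge c."""
    k = secrets.randbelow(Q - 1) + 1
    return pow(G, k, P), (k + c * x) % Q

def threshold_transcript(shares, quorum, c):
    """Servers in quorum answer the same challenge for the 'virtual holder' of x. Each server uses
    only its own share x_i and a fresh nonce k_i; k_i masks x_i, so no share is ever revealed."""
    ids = sorted(quorum)
    nonces = {i: secrets.randbelow(Q - 1) + 1 for i in ids}
    R = 1
    for i in ids:
        R = R * pow(G, nonces[i], P) % P   # R = g^(sum of k_i), same form as the single-holder R
    # sum_i lambda_i * x_i = x, so s = (sum k_i) + c*x and g^s = R * y^c exactly as in the honest case
    s = sum(nonces[i] + c * lagrange_at_zero(i, ids) * shares[i] for i in ids) % Q
    return R, s

def run_demo(t=2, n=3):
    """Return (single_ok, threshold_ok, short_quorum_ok) for a fresh random key and challenge."""
    x = secrets.randbelow(Q - 1) + 1
    y = pow(G, x, P)
    shares = shamir_split(x, t, n)
    c = secrets.randbelow(Q - 1) + 1
    R1, s1 = single_holder_transcript(x, c)
    R2, s2 = threshold_transcript(shares, range(1, t + 1), c)     # t servers: verifier accepts
    R3, s3 = threshold_transcript(shares, range(1, t), c)         # only t-1 servers: rejected
    return schnorr_verify(y, R1, c, s1), schnorr_verify(y, R2, c, s2), schnorr_verify(y, R3, c, s3)
```

Because each partial response is masked by that server's own nonce, neither the verifier nor the other servers learn any x_i, which is exactly why a zero-knowledge "proof of full possession" cannot detect threshold splitting.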

The whole is more than the sum of its parts




© 2003 IFCA/Springer-Verlag Berlin Heidelberg

Cite this paper

Xu, S., Yung, M. (2003). The Dark Side of Threshold Cryptography. In: Blaze, M. (eds) Financial Cryptography. FC 2002. Lecture Notes in Computer Science, vol 2357. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36504-4_15

  • DOI: https://doi.org/10.1007/3-540-36504-4_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00646-6

  • Online ISBN: 978-3-540-36504-4

  • eBook Packages: Springer Book Archive
