Advances in Cryptology - EUROCRYPT 2004

Volume 3027 of the series Lecture Notes in Computer Science pp 138-152

Practical Large-Scale Distributed Key Generation

  • John CannyAffiliated withUniversity of California
  • , Stephen SorkinAffiliated withUniversity of California


Generating a distributed key, where a constant fraction of the players can reconstruct the key, is an essential component of many large-scale distributed computing tasks such as fully peer-to-peer computation and voting schemes. Previous solutions relied on a dedicated broadcast channel and had at least quadratic cost per player to handle a constant fraction of adversaries, which is not practical for extremely large sets of participants. We present a new distributed key generation algorithm, sparse matrix DKG, for discrete-log based cryptosystems that requires only polylogarithmic communication and computation per player and no global broadcast. This algorithm has nearly the same optimal threshold as previous ones, allowing up to a \(\frac{1}{2}-\epsilon\) fraction of adversaries, but is probabilistic and has an arbitrarily small failure probability. In addition, this algorithm admits a rigorous proof of security. We also introduce the notion of matrix evaluated DKG, which encompasses both the new sparse matrix algorithm and the familiar polynomial based ones.


Threshold Cryptography Distributed Key Generation Discrete Logarithm Random Walk Linear Algebra