Distributed public key cryptosystems

  • Yair Frankel
  • Moti Yung
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1431)

Abstract

The cryptographic community has developed many tools to incorporate distributed trust mechanisms into cryptographic primitives and protocols, as well as primitives where parties are naturally distributed. Since the fastest growing paradigm in computing is distributed systems and communication networks, the importance of distributed mechanisms has been increasing, and will likely be pervasive in the future. Here, we review the various distributed mechanisms that have been developed and applied to achieve distributed public key cryptosystems. We focus primarily on the more efficient threshold cryptographic schemes (based on sharing public-key functions) and exemplify (only) some of the issues regarding these systems.

Copyright information

© Springer-Verlag 1998

Authors and Affiliations

  • Yair Frankel (1)
  • Moti Yung (1)
  1. CertCo LLC, New York
