Encyclopedia of Cryptography and Security

2005 Edition
Editors: Henk C. A. van Tilborg

Threshold Cryptography

  • Yvo Desmedt
Reference work entry
DOI: https://doi.org/10.1007/0-387-23483-7_428

Introduction

In modern cryptography most schemes have been developed for a scenario with one sender and one receiver. However, there are scenarios in which many receivers (or many senders) need to share the power to use a cryptosystem. The main motivation for threshold cryptography was to develop techniques to deal with the multi-sender/multi-receiver scenarios.

To illustrate the aforementioned scenarios we first discuss several particular cases of threshold cryptography to clarify its importance. To motivate threshold decryption, take the setting of key escrow [4, p. 210]. In Micali's approach [33] as well as the NIST Clipper Chip proposal [7], a threshold scheme is used. Key escrow agents have shares of each user's secret key. When a court order is received, law enforcement receives these shares from the key escrow agents. This permits recovering the user's secret key. A major disadvantage of these schemes is that once these shares of a user have been provided, the law...

References

  [1] Albert, A.A. (1943). “Quasigroups I.” Transactions of the American Mathematical Society, 54, 507–519.
  [2] Bao, F., R. Deng, Y. Han, and A. Jeng (1997). “Design and analysis of two basic protocols for use in TTP-based key escrow.” Information Security and Privacy, Second Australian Conference, ACISP'97, Sydney, NSW, Australia, July 7–9, Lecture Notes in Computer Science, vol. 1270, eds. V. Varadharajan, J. Pieprzyk, and Y. Mu. Springer-Verlag, Berlin, 261–270.
  [3] Benaloh, J.C. (1987). “Secret sharing homomorphisms: Keeping shares of a secret secret.” Advances in Cryptology—CRYPTO'86, Santa Barbara, CA, August 11–15, Lecture Notes in Computer Science, vol. 263, ed. A. Odlyzko. Springer-Verlag, Berlin, 251–260.
  [4] Beth, T. (1990). “Zur Sicherheit der Informationstechnik.” Informatik-Spektrum, 13, 204–215 (in German).
  [5] Boneh, D. and M. Franklin (1997). “Efficient generation of shared RSA keys.” Advances in Cryptology—CRYPTO'97, Santa Barbara, CA, August 17–21, Lecture Notes in Computer Science, vol. 1294, ed. B.S. Kaliski. Springer-Verlag, Berlin, 425–439.
  [6] Chen, L., D. Gollmann, and C. Mitchell (1997). “Key escrow in mutually mistrusting domains.” Security Protocols, Cambridge, UK, April 10–12, Lecture Notes in Computer Science, vol. 1189, ed. M. Lomas. Springer-Verlag, Berlin, 139–153.
  [7] A proposed federal information processing standard for an escrowed encryption standard (EES). Federal Register, July 30, 1993.
  [8] Cramer, R. and S. Fehr (2002). “Optimal black-box secret sharing over arbitrary abelian groups.” Advances in Cryptology—CRYPTO 2002, Santa Barbara, CA, August 18–22, Lecture Notes in Computer Science, vol. 2442, ed. M. Yung. Springer-Verlag, Berlin, 272–287.
  [9] Di Crescenzo, G. and Y. Frankel (1999). “Existence of multiplicative secret sharing schemes with polynomial share expansion.” Proceedings of the Tenth Annual ACM-SIAM Symposium on Discrete Algorithms, January, 17–19, Baltimore, MD.
  [10] De Santis, A., Y. Desmedt, Y. Frankel, and M. Yung (1994). “How to share a function securely.” Proceedings of the Twenty-Sixth Annual ACM Symposium. Theory of Computing (STOC), May 23–25, Montréal, Québec, Canada, ACM Press, 522–533.
  [11] Desmedt, Y., G. Di Crescenzo, and M. Burmester (1995). “Multiplicative non-abelian sharing schemes and their application to threshold cryptography.” Advances in Cryptology—Asiacrypt'94, Wollongong, November–December 1994, Lecture Notes in Computer Science, vol. 917, eds. J. Pieprzyk and R. Safavi-Naini. Springer-Verlag, Berlin, 21–32.
  [12] Desmedt, Y. and Y. Frankel (1990). “Threshold cryptosystems.” Advances in Cryptology—CRYPTO'89, Santa Barbara, CA, August 20–24, Lecture Notes in Computer Science, vol. 435, ed. G. Brassard. Springer-Verlag, Berlin, 307–315.
  [13] Desmedt, Y. and S. Jajodia (1997). “Redistributing secret shares to new access structures and its applications.” Technical Report ISSE-TR-97-01, George Mason University, July, ftp://isse.gmu.edu/pub/techrep/97_01_jajodia.ps.gz
  [14] Desmedt, Y.G. (1994). “Threshold cryptography.” European Trans. on Telecommunications, 5 (4), 449–457 (Invited paper).
  [15] Desmedt, Y.G. and Y. Frankel (1994). “Homomorphic zero-knowledge threshold schemes over any finite abelian group.” SIAM Journal on Discrete Mathematics, 7 (4), 667–679.
  [16] Desmedt, Y. (1988). “Society and group oriented cryptography: A new concept.” Advances in Cryptology—CRYPTO'87, Santa Barbara, CA, August 16–20, Lecture Notes in Computer Science, vol. 293, ed. C. Pomerance. Springer-Verlag, Berlin, 120–127.
  [17] Desmedt, Y. (1993). “Threshold cryptosystems.” Advances in Cryptology—ASIACRYPT'92, Gold Coast, Queensland, December, Lecture Notes in Computer Science, vol. 718, eds. J. Seberry and Y. Zheng. Springer-Verlag, Berlin, 3–14 (Invited paper).
  [18] Desmedt, Y. (1997). “Some recent research aspects of threshold cryptography.” Information Security, proceedings, September 17–19, 1997, Tatsunokuchi, Ishikawa, Japan. Lecture Notes in Computer Science, vol. 1396, eds. E. Okamoto, G. Davida, and M. Mambo. Springer-Verlag, Berlin, 158–173 (Invited lecture).
  [19] Frankel, Y. and Y. Desmedt (1992). “Parallel reliable threshold multisignature.” Tech. Report TR-92-04-02, Dept. of EE & CS, University of Wisconsin–Milwaukee, ftp://ftp.cs.uwm.edu/pub/tech_reports/desmedt-rsa-threshold_92.ps
  [20] Frankel, Y. and Y. Desmedt (1992). “Classification of ideal homomorphic threshold schemes over finite Abelian groups.” Advances in Cryptology—EUROCRYPT'92, Balatonfüred, Hungary, Lecture Notes in Computer Science, vol. 658, ed. R.A. Rueppel. Springer-Verlag, Berlin, 25–34.
  [21] Frankel, Y., Y.P. Gemmell, P.D. MacKenzie, and M. Yung (1997). “Optimal resilience proactive public key cryptosystems.” 38th Annual Symp. on Foundations of Computer Science (FOCS), October 20–22, Miami Beach, FL, USA. IEEE Computer Society Press, Los Alamitos, CA.
  [22] Frankel, Y., P. Gemmell, P.D. MacKenzie, and M. Yung (1997). “Proactive RSA.” Advances in Cryptology—CRYPTO'97, Santa Barbara, CA, August 17–21, Lecture Notes in Computer Science, vol. 1294, ed. B.S. Kaliski. Springer-Verlag, Berlin, 440–454.
  [23] Frankel, Y., P. Gemmell, and M. Yung (1996). “Witness-based cryptographic program checking and robust function sharing.” Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, ACM Press. May 22–24, 499–508.
  [24] Frankel, Y., Y. Desmedt, and M. Burmester (1993). “Non-existence of homomorphic general sharing schemes for some key spaces.” Advances in Cryptology—CRYPTO'92, Santa Barbara, CA, August 16–20, Lecture Notes in Computer Science, vol. 740, ed. E.F. Brickell. Springer-Verlag, Berlin, 549–557.
  [25] Gennaro, R., S. Jarecki, H. Krawczyk, and T. Rabin (1996). “Robust and efficient sharing of RSA functions.” Advances in Cryptology—CRYPTO'96, Santa Barbara, CA, August 18–22, Lecture Notes in Computer Science, vol. 1109, ed. N. Koblitz. Springer-Verlag, Berlin, 157–172.
  [26] Gennaro, R., S. Jarecki, H. Krawczyk, and T. Rabin (1996). “Robust threshold DSS signatures.” Advances in Cryptology—EUROCRYPT'96, Zaragoza, Spain, May 12–16, Lecture Notes in Computer Science, vol. 1070, ed. U. Maurer. Springer-Verlag, Berlin, 354–371.
  [27] Herzberg, A., S. Jarecki, H. Krawczyk, and M. Yung (1995). “Proactive secret sharing.” Advances in Cryptology—CRYPTO'95, Santa Barbara, CA, August 27–31, Lecture Notes in Computer Science, vol. 963, ed. D. Coppersmith. Springer-Verlag, Berlin, 339–352.
  [28] Jacobson, N. (1985). Basic Algebra I. W. H. Freeman and Company, New York.
  [29] Jacobson, N. (1989). Basic Algebra II. W. H. Freeman and Company, New York.
  [30] King, B. (1976). “Improved methods to perform threshold RSA.” Advances in Cryptology—ASIACRYPT 2000, December 2000, Kyoto, Japan, Lecture Notes in Computer Science, vol. 1976, ed. T. Okamoto. Springer-Verlag, Berlin, 359–372.
  [31] King, B. (2000). “Algorithms to speed up computations in threshold RSA.” Information Security and Privacy, 5th Australian Conference, ACISP2000, Brisbane, Australia, July 10–12, Lecture Notes in Computer Science, vol. 1841, eds. E. Dawson, A. Clark, and C. Boyd. Springer-Verlag, Berlin, 443–456.
  [32] Langford, S.K. (1995). “Threshold DSS signatures without a trusted party.” Advances in Cryptology—CRYPTO'95, Santa Barbara, CA, August 27–31, Lecture Notes in Computer Science, vol. 963, ed. D. Coppersmith. Springer-Verlag, Berlin, 397–409.
  [33] Micali, S. (1993). “Fair public-key cryptosystems.” Advances in Cryptology—CRYPTO'92, Santa Barbara, CA, August 16–20, Lecture Notes in Computer Science, vol. 740, ed. E.F. Brickell. Springer-Verlag, Berlin, 113–138.
  [34] Ostrovsky, R. and M. Yung (1991). “How to withstand mobile virus attacks.” Proceedings of the 10-th Annual ACM Symp. on Principles of Distributed Computing, August 19–21, Montreal, Quebec, Canada, ACM Press, 51–60.
  [35] Pedersen, T.P. (1991). “A threshold cryptosystem without a trusted party.” Advances in Cryptology—EUROCRYPT'91, April 1991, Brighton, UK, Lecture Notes in Computer Science, vol. 547, ed. D.W. Davies. Springer-Verlag, Berlin, 522–526.
  [36] Poupard, G. and J. Stern (1998). “Generation of shared RSA keys by two parties.” Advances in Cryptology—ASIACRYPT'98, Beijing, China, October, Lecture Notes in Computer Science, vol. 1514, eds. K. Ohta and D. Pei. Springer-Verlag, Berlin, 11–24.
  [37] Rabin, T. (1998). “A simplified approach to threshold and proactive RSA.” Advances in Cryptology—CRYPTO'98, Lecture Notes in Computer Science, vol. 1462, ed. H. Krawczyk. Springer, Berlin, 89–104.
  [38] Reiter, M.K. and K.P. Birman (1994). “How to securely replicate services.” ACM Transactions on Programming Languages and Systems, 16 (3), 986–1009.
  [39] Shannon, C.E. (1949). “Communication theory of secrecy systems.” Bell System Techn. Jour., 28, 656–715.
  [40] Shoup, V. (2000). “Practical threshold signatures.” Advances in Cryptology—EUROCRYPT 2000, Bruges, Belgium, May 14–18, Lecture Notes in Computer Science, vol. 1807, ed. B. Preneel. Springer-Verlag, Berlin, 207–220.

Copyright information

© International Federation for Information Processing 2005