Threshold cryptosystem

In cryptography, a cryptosystem is called a "threshold cryptosystem", if in order to decrypt an encrypted message, several parties (more than some threshold number) must cooperate in the decryption protocol. The message is encrypted using a public key and the corresponding private key is shared among the participating parties. Let $n$ be the number of parties. Such a system is called (t,n)-threshold, if at least t of these parties can efficiently decrypt the ciphertext, while less than t have no useful information. Similarly it is possible to define (t,n)-threshold signature scheme, where at least t parties are required for creating a signature.

Threshold versions of encryption schemes can be built for many public encryption schemes. The natural goal of such schemes is to be as secure as the original scheme. Such threshold versions have been defined for:

Application

The most common application is in the storage of secrets in multiple locations to prevent the capture of the ciphertext and the subsequent performance of cryptanalysis on that cyphertext. Most often the secrets that are "split" are the secret key material of a public key cryptography key pair or the ciphertext of stored password hashes.

Historically, only organizations with very valuable secrets, such as certificate authorities, militaries, and governments, would make use of the technology. However, in October 2012 after a number of large public website password ciphertext compromises, RSA Security announced that it would be releasing software that makes the technology available to the general public. ^[3]

References

↑ Ivan Damgård, Mads Jurik: A Length-Flexible Threshold Cryptosystem with Applications. ACISP 2003: 350-364
↑ Ivan Damgård, Mads Jurik: A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System. Public Key Cryptography 2001: 119-136
↑ Tom Simonite (October 9, 2012). "To Keep Passwords Safe from Hackers, Just Break Them into Bits". Technology Review. Retrieved October 9, 2012.

Public-key cryptography

Algorithms

Integer Factorization	Benaloh Blum–Goldwasser Cayley–Purser Damgård–Jurik GMR Goldwasser–Micali Paillier Rabin RSA Okamoto–Uchiyama Schmidt–Samoa

Discrete logarithm	Cramer–Shoup DH DSA ECDH ECDSA EdDSA EKE ElGamal signature scheme MQV Schnorr SPEKE SRP STS

Others	AE CEILIDH EPOC HFE IES Lamport McEliece Merkle–Hellman Naccache–Stern Naccache–Stern knapsack cryptosystem NTRUEncrypt NTRUSign Three-pass protocol XTR

Theory

Standardization

Topics

Cryptography

History of cryptography Cryptanalysis Outline of cryptography

Symmetric-key algorithm Block cipher Stream cipher Public-key cryptography Cryptographic hash function Message authentication code Random numbers Steganography

Category Portal WikiProject

This article is issued from Wikipedia - version of the 2/3/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.

Threshold cryptosystem

Application

See also

References