“Threshold cryptosystem”的意思、由来-开放百科全书

In cryptography, a cryptosystem is called a threshold cryptosystem, if in order to decrypt an encrypted message or to sign a message, several parties (more than some threshold number) must cooperate in the decryption or signature protocol. The message is encrypted using a public key and the corresponding private key is shared among the participating parties. Let

be the number of parties. Such a system is called (t,n)-threshold, if at least t of these parties can efficiently decrypt the ciphertext, while less than t have no useful information. Similarly it is possible to define (t,n)-threshold signature scheme, where at least t parties are required for creating a signature. Perhaps the first system with complete threshold properties for a trapdoor function (RSA) and a proof of security was given by Alfredo De Santis, Yvo Desmedt, Yair Frankel, and Moti Yung.^[1]

Threshold versions of encryption or signature schemes can be built for many asymmetric cryptographic schemes. The natural goal of such schemes is to be as secure as the original scheme. Such threshold versions have been defined by the above and by^[2] for:

Application

The most common application is in the storage of secrets in multiple locations to prevent the capture of the ciphertext and the subsequent cryptanalysis on that ciphertext. Most often the secrets that are "split" are the secret key material of a public key cryptography key pair or the ciphertext of stored password hashes.

Historically, only organizations with very valuable secrets, such as certificate authorities, militaries, and governments, would make use of the technology. However, in October 2012 after a number of large public website password ciphertext compromises, RSA Security announced that it would be releasing software that makes the technology available to the general public.^[9] One of the earliest implementations of the notion was done in the 1990s by Certco's design for the original Secure electronic transaction planned deployment.^[10]

Cryptocurrency exchanges and providers of cryptocurrency wallets have announced their intention to use threshold signature cryptosystems to secure the key shares used to generate signatures to authorize cryptocurrency transactions. SBI Virtual Currencies was the first known implementation of threshold signatures in 2019 to secure VCTRADE, a bank-backed, government licensed exchange in Japan.^[11]

The National Institute of Standards and Technology (NIST) conducted a workshop on threshold cryptography in March of 2019 with a goal of establishing consensus on applications and scoping the efforts to define specifications.^[12]

See also

References

1. ^Alfredo De Santis, Yvo Desmedt, Yair Frankel, Moti Yung: How to share a function securely. STOC 1994: 522-533
2. ^Jonathan Katz, Moti Yung:Threshold Cryptosystems Based on Factoring. ASIACRYPT 2002: 192-205 [https://link.springer.com/chapter/10.1007%2F3-540-36178-2_12]
3. ^Ivan Damgård, Mads Jurik: A Length-Flexible Threshold Cryptosystem with Applications. ACISP 2003: 350-364
4. ^Ivan Damgård, Mads Jurik: A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System. Public Key Cryptography 2001: 119-136
5. ^Rosario Gennaro, Stanislaw Jarecki, Hugo Krawczyk, Tal Rabin: Robust Threshold DSS Signatures. EUROCRYPT 1996: 354-371
6. ^{{Cite web|url=https://www.nongnu.org/dkgpg/|title=Distributed Privacy Guard (DKGPG)|date=2017}}
7. ^{{Cite journal|url=https://eprint.iacr.org/2015/1169.pdf|title=Strength in Numbers: Threshold ECDSA to Protect Keys in the Cloud|last=Green|first=Marc|authorlink=|last2=Eisenbarth|first2=Thomas|date=2015|website=|archive-url=|archive-date=|dead-url=|access-date=}}
8. ^{{Cite journal|url=https://eprint.iacr.org/2016/013.pdf|title=Threshold-optimal DSA/ECDSA signatures and an application to Bitcoin wallet security|last=Gennaro|first=Rosario|authorlink=|last2=Goldfeder|first2=Steven|date=2016|website=|archive-url=|archive-date=|dead-url=|access-date=|last3=Narayanan|first3=Arvind}}
9. ^{{cite news |url=http://www.technologyreview.com/news/429498/to-keep-passwords-safe-from-hackers-just-break/ |title=To Keep Passwords Safe from Hackers, Just Break Them into Bits | author=Tom Simonite |date=October 9, 2012 |work=Technology Review |accessdate=October 9, 2012}}
10. ^{{citation|url=http://www.geocities.ws/rayvaneng/w0597_09.htm|title=Visa and Mastercard have just announced the selection of two companies -- CertCo and Spyrus, 05/20/97}}.
11. ^https://cointelegraph.com/news/financial-giant-sbi-group-to-develop-wallet-following-new-partnership
12. ^https://csrc.nist.gov/projects/threshold-cryptography