So far, the main publications in the project are in the form of NIST Internal Reports (NISTIR), elaborated internally at NIST and made publicly available for comments and consultation.
For example, a threshold-produced signature should be verifiable by the verification algorithm that is used for signatures produced by the conventional (non-threshold) algorithm. The MPTC project will consider devising recommendations and guidelines pertinent to threshold schemes that are interchangeable (in the sense of NISTIR 8214A, Section 2.4) with selected primitives of interest. Threshold schemes can be applied to any cryptographic primitive, such as key generation, signing, encryption and decryption. Which cryptographic primitives can be thresholdized? This threshold approach can be used to distribute trust across various operators, and is also useful to avoid various single-points of failure in the implementation. The cryptographic operation that depends on the key is then performed via a threshold scheme, using secure multi-party computation (MPC), so that the key does not have to be reconstructed (i.e., the secret-sharing remains in place even during the computation). Then, if some (up to a threshold f out of n) of these parties are corrupted, the key secrecy remains uncompromised. Using a “secret sharing” mechanism, the secret key is split across multiple "parties".
Legend: 2KE = pair-wise key- establishment KC = Key confirmation KD = Key derivation Keygen = key- generation PKE = Public- key encryption PRF = pseudo random function (family) PRP = pseudo random permutation (family) QR = quantum resistant TF = threshold friendly ZKPoK = Zero- knowledge proof of knowledge. Low-round multi-party key- agreement (KA) Succinct & verifiable-deterministic signatures Subcategories and examples of primitives in Cat2 Subcategory: Type Legend: 2KA = pair-wise key- agreement 2KE = pair-wise key- establishment AES = Advanced Encryption Standard CDH = Cofactor Diffie- Hellman ECC = Elliptic- curve cryptography ECDSA = Elliptic- curve Digital Signature Algorithm EdDSA = Edwards-Curve Digital Signature Algorithm KC = Key confirmation KDM = Key derivation mechanism Keygen = Key- generation MQV = Menezes- Qu- Vanstone PKE = Public- key encryption RSA = Rivest- Shamir- Adleman RSADSA = RSA digital signature algorithm. AES encipher/decipher, KDM/KC (to support 2KE)
0 kommentar(er)
