Secure Distributed Key Generation for Discrete-Log Based Cryptosystems

@article{Gennaro2006SecureDK,
  title={Secure Distributed Key Generation for Discrete-Log Based Cryptosystems},
  author={Rosario Gennaro and Stanislaw Jarecki and Hugo Krawczyk and Tal Rabin},
  journal={Journal of Cryptology},
  year={2006},
  volume={20},
  pages={51-83}
}
A Distributed Key Generation (DKG) protocol is an essential component of threshold cryptosystems required to initialize the cryptosystem securely and generate its private and public keys. In the case of discrete-log-based (dlog-based) threshold signature schemes (ElGamal and its derivatives), the DKG protocol is further used in the distributed signature generation phase to generate one-time signature randomizers (r = gk). In this paper we show that a widely used dlog-based DKG protocol… Expand
Design Efficient Distributed Key Generation For Secure Network Applications over Cloud
Distributed key generation cryptosystems has a major content called distributed key generation (DKG) protocol. This protocol allows number of participants of group to generate a set of keys such asExpand
Distributed key generation protocol with a new complaint management strategy
TLDR
An extended version of Joint-Feldman DKG that ensures a uniform distribution of the generated keys and a DKG protocol with public channels that use a new strategy to manage complaints without revealing the shares of the secrets held by honest participants and that clearly identifies dishonest participants are presented. Expand
Asynchronous Distributed Key Generation for Computationally-Secure Randomness, Consensus, and Threshold Signatures.
In this paper, we present the first Asynchronous Distributed Key Generation (ADKG) algorithm which is also the first distributed key generation algorithm that can generate cryptographic keys with aExpand
Distributed protocols for digital signatures and public key encryption
TLDR
This thesis proposes the first generic construction of distributed verifiable random functions (DVRF) that do not impose assumptions on trusted generation of secret keys and whose outputs remain pseudorandom even in a presence of up to n − 1 corrupted servers. Expand
Soft-Timeout Distributed Key Generation for Digital Signature based on Elliptic Curve D-log for Low-Power Devices
TLDR
A threshold signature scheme based on Pedersen distributed key generation principle which is suitable for handheld devices and ad-hoc networks is proposed and the signature can be generated and verified efficiently. Expand
Threshold and Revocation Cryptosystems via Extractable Hash Proofs
  • H. Wee
  • Mathematics, Computer Science
  • EUROCRYPT
  • 2011
We present a new unifying framework for constructing noninteractive threshold encryption and signature schemes, as well as broadcast encryption schemes, and in particular, derive several newExpand
Distributed key generation protocol with hierarchical threshold access structure
TLDR
This study considers the problem of DKG in groups with hierarchical structure where the authorised subsets can be defined by a hierarchical threshold access structure and proposes a verifiable hierarchical threshold secret sharing protocol that satisfies all the security requirements. Expand
Distributed Key Generation in the Wild
TLDR
This work proposes a practical system model for the Internet and defines an efficient verifiable secret sharing (VSS) scheme in it and designs a provably secure DKG protocol, which is implemented and establishes its efficiency and reliability by extensively testing it on the PlanetLab platform. Expand
Aggregatable Distributed Key Generation
TLDR
This paper introduces a distributed key generation (DKG) protocol with aggregatable and publicly-verifiable transcripts and proves the security of the aggregatable DKG as well as that of several existing DKGs, including the popular Pedersen variant. Expand
Distributed Private-Key Generators for Identity-Based Cryptography
TLDR
This paper designs distributed PKG setup and private key extraction protocols for three important IBE schemes; namely, Boneh and Franklin's BF-IBE, Sakai and Kasahara's SK- IBE, and Boneh & Boyen's BB1-IBe and proves their IND-ID-CCA security in the random oracle model against a Byzantine adversary. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 47 REFERENCES
Revisiting the Distributed Key Generation for Discrete-Log Based Cryptosystems
A Distributed Key Generation (DKG) protocol is an essential component of any threshold cryptosystem. It is used to initialize the cryptosystem and generate its private and public keys, and it is usedExpand
Secure Distributed Key Generation for Discrete-Log Based Cryptosystems
TLDR
A distributed key generation protocol, that achieves optimal resiliency, can be used as a drop-in replacement for key generation modules as well as other components of threshold or proactive discrete-log based cryptosystems. Expand
Adaptive Security for Threshold Cryptosystems
We present adaptively-secure efficient solutions to several central problems in the area of threshold cryptography. We prove these solutions to withstand adaptive attackers that choose parties forExpand
Weakness in Some Threshold Cryptosystems
TLDR
It is shown that the n-out-of-n threshold undeniable signature scheme has an actual security of only 2-out of-n, and the discrete log based threshold signature schemes have a weakness in the key generation protocol. Expand
Optimal-resilience proactive public-key cryptosystems
TLDR
A threshold function sharing scheme with proactive security for general functions with a "homomorphic property" (a class which includes all RSA variants and Discrete logarithm variants) and enables computation of the function by the servers assuring high availability, security and efficiency. Expand
Adaptively secure distributed public-key systems
TLDR
This paper constructs distributed discrete-log-based and RSA-based public-key systems which are secure against an adaptive adversary and extends the discrete- log-based systems to have proactive security, that is, security against an (adaptive) mobile adversary that has an upper bound on the number of servers it may corrupt at any one time, but no upper bound over the lifetime of the system. Expand
Efficient signature generation by smart cards
  • C. Schnorr
  • Mathematics, Computer Science
  • Journal of Cryptology
  • 2004
TLDR
An efficient algorithm that preprocesses the exponentiation of a random residue modulo p is presented, which improves the ElGamal signature scheme in the speed of the procedures for the generation and the verification of signatures and also in the bit length of signatures. Expand
Proactive public key and signature systems
Emerging applications like electronic commerce and secure communications over open networks have made clear the fundamental role of public key cryptography as a unique enabler for world-wide scaleExpand
Secure INtrusion-Tolerant Replication on the Internet
  • C. Cachin, J. Poritz
  • Computer Science
  • Proceedings International Conference on Dependable Systems and Networks
  • 2002
TLDR
The implementation of SINTRA in Java is described and timing measurements are given for a test-bed of servers distributed over three continents, showing that extensive use of public-key cryptography does not impose a large overhead for secure coordination in wide-area networks. Expand
A Threshold Cryptosystem without a Trusted Party (Extended Abstract)
In a threshold cryptosystem n members share the necret key of an organization such that k members (1 5 k 5 n) must cooperate in order to decipher a given uphertext. In this note it is shown how toExpand
...
1
2
3
4
5
...