Threshold value cryptosystem

A cryptosystem is called a threshold value cryptosystem if several parties (more than a certain threshold value) have to cooperate in order to decrypt an encrypted message. The message is encrypted with a public key and the corresponding private key is shared among the participants . Be the number of parties. Such a system is - threshold called if at least these parties can decrypt the ciphertext efficiently, while less than not get any useful information. Similarly, it is possible one - signature scheme to define in which at least must work together parties to produce a signature. ${\ displaystyle n}$ ${\ displaystyle (t, n)}$ ${\ displaystyle t}$ ${\ displaystyle t}$ ${\ displaystyle (t, n)}$ ${\ displaystyle t}$

Threshold versions of cryptosystems can be constructed for many public key systems. The obvious goal of such developments is to offer the same security as the original system. Such threshold value variants have been defined for:

application

The most common use is to store secrets in multiple locations to prevent the ciphertext from becoming known and then to perform cryptanalysis . Often the secret that is “split” is the secret key of a key pair in public key cryptography or the ciphertext of stored password hashes . In electronic voting systems, if they encrypt homomorphically at the same time, they offer the possibility of counting the votes cast using encryption, so that voting secrecy is preserved.

Historically, only organizations with very valuable secrets, such as certification bodies , the military or governments, have used such techniques. When the encrypted passwords of a large number of websites were compromised in October 2012, RSA Security announced that it would make software available that would make this technology available to the public.

Individual evidence

^ HL Nguyen: RSA Threshold Cryptography . May 4, 2005 (English, online at the Department of Computer Science, University of Bristol [PDF]).
^ Ivan Damgård, Mads Jurik and Jesper Buus Nielsen: A generalization of Paillier's public-key system with applications to electronic voting . December 1, 2012, doi : 10.1007 / s10207-010-0119-9 ( online at the Massachusetts Institute of Technology [PDF]).
↑ Paillier Threshold Encryption Toolbox . October 23, 2010 (English, online at the University of Texas, Dallas [PDF]).
↑ Ivan Damgård, Mads Jurik: A Length-Flexible Threshold Cryptosystem with Applications . ACISP 2003: 350-364
↑ Ivan Damgård, Mads Jurik: A Generalization, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System . Public Key Cryptography 2001: 119-136
↑ Tom Simonite: To Keep Passwords Safe from Hackers, Just Break Them into Bits . In: Technology Review , October 9, 2012.

[1] HL Nguyen: RSA Threshold Cryptography . May 4, 2005 (English, online at the Department of Computer Science, University of Bristol [PDF]).

[2] Ivan Damgård, Mads Jurik and Jesper Buus Nielsen: A generalization of Paillier's public-key system with applications to electronic voting . December 1, 2012, doi : 10.1007 / s10207-010-0119-9 ( online at the Massachusetts Institute of Technology [PDF]).

[3] Paillier Threshold Encryption Toolbox . October 23, 2010 (English, online at the University of Texas, Dallas [PDF]).

[4] Ivan Damgård, Mads Jurik: A Length-Flexible Threshold Cryptosystem with Applications . ACISP 2003: 350-364

[5] Ivan Damgård, Mads Jurik: A Generalization, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System . Public Key Cryptography 2001: 119-136

[6] Tom Simonite: To Keep Passwords Safe from Hackers, Just Break Them into Bits . In: Technology Review , October 9, 2012.

Threshold value cryptosystem

application

See also

Individual evidence