Y. Desmedt. Some recent research aspects of threshold cryptography. In E. Okamoto, G. I. Davida, and M. Mambo, editors, ISW '97: Proceedings of the First International Workshop on Information Security, volume 1396 of Lecture Notes in Computer Science, pages 158--173. Springer-Verlag, 1998.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....cannot prevent another recipient from getting the message. Soon secret sharing schemes proved to be a useful tool, 20, 14] which led to the term threshold cryptography since the solutions are base on threshold secret sharing scheme. Desmedt has written two surveys on threshold cryptography, [15, 13]. The term threshold cryptography covers all distributed cryptographic operations, where the distribution is through a threshold secret sharing scheme, but so far only public key based operations have been proposed and analysed, see eg [22] What about symmetric ciphers Based on the tools ....

Y. Desmedt. Some recent research aspects of threshold cryptography. In Information Security, First International Workshop ISW '97, volume 1196 of Lecture Notes in Computer Science, pages 158--173, 1997.

....of an m 1 degree polynomial from m of n points yields a constant term in the polynomial that corresponds to the secret. In Blakley s scheme [6] the intersection of m of n vector spaces yields a one dimensional vector that corresponds to the secret. Desmedt surveys other sharing schemes [12]. Our VSR protocol expands on the concept embodied in VSS schemes, that of protecting shareholders from a faulty dealer. Chor et al. present a scheme in which the dealer and shareholders perform an interactive secure distributed computation [11] Benaloh [3] Gennaro and Micali [20, 21] Goldreich ....

Y. Desmedt. Some recent research aspects of threshold cryptography. In Proc. of the 1st Intl. Information Security Workshop, pp 158--173. Sept. 1997.

....that we have adopted to solve the new SMC problems. These approaches are based on many cryptographic tools including zero knowledge proof [35] oblivious transfer [34] 1 out ofn oblivious transfer [17, 9] oblivious evaluation of polynomials [32] secret sharing [36] threshold cryptography [15, 11], Yao s Millionaire Protocol [39, 7] We will only give an overview of the approaches that we used in solving some of the problems described in this paper because the main purpose of this paper is to present the set of new problems, rather than the specific techniques in solving them. As we know, ....

Y. Desmedt. Some recent research aspects of threshold cryptography. In Lecture Notes in Computer Science 1396, pages 158--173. Springer-Verlag, 1997.

....many others. In the past, secure multiparty computation research has mostly been focusing on the theoretical studies, very few applied problems have been studied. Those few applied problems include Private Information Retrieval problem (PIR) 12, 3, 11, 10, 13, 17, 14, 9] Joint digital signature [21, 5] and joint decryption, elections over the Internet, electronic bidding [2] and privacy preserving data mining [16, 1] 1 out of N Oblivious Transfer An 1 out of N Oblivious Transfer protocol [7, 4] refers to a protocol where at the beginning of the protocol one party, Bob has N inputs X 1 , ....

Y. Desmedt. Some recent research aspects of threshold cryptography. In Lecture Notes in Computer Science 1396, pages 158--173. Springer-Verlag, 1997.

....Problems Goldreich pointed out [55] We view the general solutions as asserting that very wide classes of problems are solvable in principle. However, we do not recommend using the solutions derived by these general results in practice. For example, although 16 Threshold Cryptography (cf. [50, 36]) is merely a special case of multi party computation, it is indeed bene cial to focus on its speci c. In this section, we review some speci c two party and multi party computation problems that are related to our work. Among various secure multi party computation problems, the Private ....

Y. Desmedt. Some recent research aspects of threshold cryptography. In Lecture Notes in Computer Science 1396, pages 158-173. Springer-Verlag, 1997.

....ine#cient to have t 1 nodes collaborating in every encryption or decryption. If the shared key is the private key of a public private key pair (e.g. RSA) t 1 nodes with di#erent shares can collectively sign (and decrypt) messages provided that the signature function satisfies this property [3]: there exist functions # # and g # such that g input (key) # # (g # input (share 1 ) g # input (share t 1 ) 1) The RSA signature function is homomorphic, and thus satisfies this property. The bottomline of this insight is that a distributed public key infrastructure that is similar ....

Y. Desmedt. Some recent research aspects of threshold cryptography. In E. Okamoto, G. Davida, and M. Mambo, editors, Proceedings on Information Security, volume 1396 of LNCS, pages 158--173. Springer-Verlag, 1997.

....of an m 1 degree polynomial from m of n points yields a constant term in the polynomial that corresponds to the secret. In Blakley s scheme [Bla79] the intersection of m of n vector spaces yields a one dimensional vector that corresponds to the secret. Desmedt surveys other sharing schemes [Des97] Feldman s VSS scheme [Fel87] is one of several to catch a dealer that attempts to distribute invalid shares. Chor et al. present a scheme in which the dealer and shareholders perform an interactive secure distributed computation [CGMA85] Benaloh [Ben87] Gennaro and Micali [GJKR96, GM95] ....

Yvo Desmedt. Some recent research aspects of threshold cryptography. In E. Okamoto, G. Davida, and M. Mambo, editors, Proc. of the 1st Intl. Information Security Workshop, volume 1396 of Lecture Notes in Computer Science, pages 158--173. Springer-Verlag, September 1997.

....is one service private public key pair. It is used for signing responses and certificates. All clients and servers know the service public key. The service private key is held by no COCA server. Instead, di#erent shares of the key are stored on each of the servers, and threshold cryptography [22, 23, 20, 21, 31] is used to construct signatures on responses and certificates. To sign a message: 1) each COCA server generates a partial signature from the message and that server s share of the service private key; 2) some COCA server combines these partial signatures and obtains the signed message. 3 ....

....the network can invalidate these assumptions and cause the e vault protocols to fail. Like with COCA, clients of e vault communicate with the system through a single server (there called a gateway) Cryptographic Building Blocks and Public Key Infrastructure. COCA employs threshold cryptography [22, 23, 20, 21, 31] and proactive secret sharing [45, 43, 42, 30, 29] as building blocks. Because existing protocols were not intended for systems in which (only) our Fair Links and Asynchrony assumptions hold, it was necessary to design new protocols for COCA [86, 85] Implementations of threshold cryptography and ....

Y. Desmedt. Some recent research aspects of threshold cryptography. In E. Okamoto, G. Davida, and M. Mambo, editors, Information Security, The 1st International Workshop, ISW'97, Tatsunokuchi, Ishikawa Japan, September 17--19,

....shares of the original secret. 2 Related work Blakley and Shamir invented secret sharing schemes independently. In Blakley s scheme [2] the intersection of m of n vector spaces yields a one dimensional vector that corresponds to the secret. Desmedt presents a survey of other sharing schemes [7]. Feldman s VSS scheme [9] is one of several to catch a dealer that attempts to distribute invalid shares. Chor et al. present a scheme in which the dealer and shareholders perform an interactive secure distributed computation [6] Benaloh [1] Gennaro and Micali [13] Goldreich et al. [14] and ....

Y. Desmedt. Some recent research aspects of threshold cryptography. In E. Okamoto, G. Davida, and M. Mambo, editors, Proc. of the 1st Intl. Information Security Workshop, volume 1396 of Lecture Notes in Computer Science, pages 158--173. Springer-Verlag, September 1997.

....private public key pair. It is used for signing responses and certi cates. All clients and servers know the service public key. The service private key is held by no COCA server, for obvious reasons. Instead, di erent shares of the key are stored on each of the servers, and threshold cryptography [16, 17, 14, 15, 24] is used to construct signatures on responses and certi cates. To sign a message: 1) each COCA server generates a partial signature from the message and that server s share of the service private key; 2) some COCA server combines these partial signatures and obtains the signed message. 4 ....

....masking Byzantine quorum system can tolerate compromise of as many as one fourth of servers. Recall, a dissemination quorum system tolerates one third of its servers being compromised. 37 single server (there called a gateway) Cryptographic Building Blocks. COCA employs threshold cryptography [16, 17, 14, 15, 24] and proactive secret sharing [38, 36, 35, 23, 22] as building blocks. Because this prior work was not intended for systems in which (only) our Fair Links and Asynchrony assumptions hold, it was necessary to design new protocols for COCA [78, 77] Implementations of threshold cryptography and ....

Y. Desmedt. Some recent research aspects of threshold cryptography. In E. Okamoto, G. Davida, and M. Mambo, editors, Information Security, The 1st International Workshop, ISW'97, Tatsunokuchi, Ishikawa Japan, September 1719,

....be simulated because we have used zero knowledge proofs. III. Limited time span escrow: the general case A. Limited time span escrow based on perfect hash families There are several secret sharing schemes which can be used for limited time span escrow (we refer the reader to [26] 28] 29] [30]) Here we present a k out of l (k l) scheme which is based on perfect hash families. To illustrate our technique we first describe a simple 2out of l secret sharing scheme [26] Then we show how to get a k out of l scheme with k 2, using the KurosawaStinson interpretation [27] 30] of the ....

....[29] 30] Here we present a k out of l (k l) scheme which is based on perfect hash families. To illustrate our technique we first describe a simple 2out of l secret sharing scheme [26] Then we show how to get a k out of l scheme with k 2, using the KurosawaStinson interpretation [27] [30], of the scheme in [29] Let K( Delta) be an Abelian group and a 2 K the secret. We number the participants i from 0 to l Gamma 1 and represent i in binary, i.e. i corresponds to the bits (i 1 ; i dlog 2 (l)e ) For the shares, we choose dlog 2 (l)e independent uniformly random elements ....

Y. Desmedt, "Some recent research aspects of threshold cryptography, " in Information Security, First International Workshop ISW '97, Lecture Notes in Computer Science #1196, M. Mambo E. Okamoto, E. Davida, Ed., 1997, pp. 158--173, Springer-Verlag.

No context found.

Y. Desmedt. Some recent research aspects of threshold cryptography. In E. Okamoto, G. I. Davida, and M. Mambo, editors, ISW '97: Proceedings of the First International Workshop on Information Security, volume 1396 of Lecture Notes in Computer Science, pages 158--173. Springer-Verlag, 1998.

No context found.

Y. Desmedt. Some recent research aspects of threshold cryptography. In E. Okamoto, G. Davida, and M. Mambo, editors, Proc. of the 1st Intl. Information Security Workshop, volume 1396 of Lecture Notes in Computer Science, pages 158--173. Springer-Verlag, September 1997.

No context found.

Y. Desmedt. Some recent research aspects of threshold cryptography. In Proc. of the 1st Intl. Information Security Workshop, vol. 1396 of Lecture Notes in Computer Science, pp. 158--173. Sept. 1997.

No context found.

Yvo Desmedt. Some recent research aspects of threshold cryptography. In E. Okamoto, G. Davida, and M. Mambo, editors, Proc. of the 1st Intl. Information Security Workshop, volume 1396 of Lecture Notes in Computer Science, pages 158--173. Springer-Verlag, September 1997.

No context found.

Y. Desmedt. Some recent research aspects of threshold cryptography. In E. Okamoto, G. I. Davida, and M. Mambo, editors, ISW '97: Proceedings of the First International Workshop on Information Security, volume 1396 of Lecture Notes in Computer Science, pages 158--173. Springer-Verlag, 1998.

No context found.

Y. Desmedt. Some recent research aspects of threshold cryptography. In E. Okamoto, G. Davida, and M. Mambo, editors, Information Security, The 1st International Workshop, ISW'97, Proceedings, volume 1396 of Lecture Notes in Computer Science, pages 158--173, Berlin, Germany, February 1998. Springer-Verlag.

No context found.

Yvo Desmedt. Some recent research aspects of threshold cryptography. In M. Mambo, E. Okamoto, and E. Davida, editors, Information Security, First International Workshop ISW '97, volume 1196 of Lecture Notes in Computer Science, pages 158--173. Springer-Verlag, 1997.

No context found.

Yvo Desmedt. Some Recent Research Aspects of Threshold Cryptography. Information Security, First International Workshop ISW '97, 1997.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC