A Distributed Key Generation (DKG) protocol is an essential component of threshold cryptosystems required to initialize the cryptosystem securely and generate its private and public keys. In the case of discrete-log-based (dlog-based) threshold signature schemes (ElGamal and its derivatives), the DKG protocol is further used in the distributed signature generation phase to generate one-time signature randomizers (r = g^k). In this paper we show that a widely used dlog-based DKG protocol suggested by Pedersen does not guarantee a uniformly random distribution of generated keys: we describe an efficient active attacker controlling a small number of parties which successfully biases the values of the generated keys away from uniform. We then present a new DKG protocol for the setting of dlog-based cryptosystems which we prove to satisfy the security requirements from DKG protocols and, in particular, it ensures a uniform distribution of the generated keys. The new protocol can be used as a secure replacement for the many applications of Pedersen's protocol. Motivated by the fact that the new DKG protocol incurs additional communication cost relative to Pedersen's original protocol, we investigate whether the latter can be used in specific applications which require relaxed security properties from the DKG protocol. We answer this question affirmatively by showing that Pedersen's protocol suffices for the secure implementation of certain threshold cryptosystems whose security can be reduced to the hardness of the discrete logarithm problem. In particular, we show Pedersen's DKG to be sufficient for the construction of a threshold Schnorr signature scheme. Finally, we observe an interesting trade-off between security (reductions), computation, and communication that arises when comparing Pedersen's DKG protocol with ours.