Method and system for a public key cryptosystem having proactive, robust, and recoverable distributed threshold secret sharing

Assignee

• International Business Machines Corporation · US

Inventors

• Amir Herzberg · Ramat Gan, IL
• Stanislaw Jarecki · Cambridge, US
• Hugo M. Krawczyk · Tarrytown, US
• Marcel Mordechay Yung · New York, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L9/3252
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A proactive threshold secret sharing cryptosystem using a set of servers. The cryptosystem is a threshold cryptosystem, in the sense that service is maintained if at least (k+1) out of n servers are active and honest. The secret signature key is compromised only if the adversary breaks into at least (k+1) servers. It is robust in the sense that the honest servers detect faulty ones and the service is not disrupted. It is recoverable, because if the adversary erases all the local information on the server it compromised, the information can be restored as soon as the server comes back to performing the correct protocol. The method and system has proactiveness, which means that in order to learn the secret, the adversary has to break into (k+1) servers during the same round of the algorithm because the shares of the secret are periodically redistributed and rerandomized. The present invention uses a verifiable secret sharing mechanism to get the security requirements during the update between two rounds. The security of the scheme depends on the assumption of intractability of computing logarithms in a field of a big prime order and the EIGamal signature scheme.