Sunday, September 14, 2003
In my continuing quest to best Zooko's Triangle, here is some info on Threshold Cryptography, another beast that I think may hold some clues to solving the Triangle (yesterday I talked about Identity Based Encryption, another piece of the puzzle). Here's some good info about this subject from a recent paper I've been reading. I've added bold to a section that surprised me on some recent developments in this field:
"Threshold cryptography addresses [the] secret key storage problem by breaking a master key into numerous secret shares and storing them on multiple machines. For example, key K can be broken into k1, k2, and k3, each of which is stored on a different machine. All components of the broken key must be obtained to reconstruct the entire key. Operations using the key never allow it to be reconstructed in a single location. Master key operations occur by submitting a request to each machine holding a share. The requestor receives all the computed responses and mathematically reconstructs them into the correct message without revealing the master key. For the key to be compromised, a person would have to compromise each node containing the shares of the key. With a large number of key components distributed across the network, this becomes extremely difficult.
Until recently, threshold cryptography suffered from the requirement that the master key be generated by a trusted party. That party would then separate the master key and distribute the components. This would render threshold cryptography useless in a self-managed, distributed system. However, it has been shown that a master key can be generated in a distributed environment without constructing the key at any single node [full details]. As long as less than half of the nodes chosen to generate the key do not collude, the key is not compromised during generation."
Basically, we can create systems that depend on having a master private key for certain operations. Instead of needing to isolate this private key on a single trusted server, we can break it into pieces and distribute each of the pieces to a set of relatively untrusted peers. Then, Threshold Cryptography makes it possible to recombine these pieces in such a way that no one has full knowledge of the entire private key while still being able to use it for certain operations. I'm excited about the Boneh paper because it seems to show a more efficient form of threshold cryptography that doesn't require a master source to generate the private key; instead, the peers co-generate it. This is the same Boneh, by the way, who is behind the recent breakthrough in Identity Based Encryption.
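As an added example (not code from the quoted paper or from Boneh's work), here is the n-of-n case the quote describes, using additive shares of an RSA private exponent: each node signs with only its own share and the requestor multiplies the responses, so K is never reassembled in one place. It assumes the older trusted-dealer setup rather than distributed key generation, a constructed toy key, and textbook RSA without padding; all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy RSA key from two Mersenne primes (far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537
D = pow(E, -1, PHI)  # master private exponent K; only the dealer ever holds it


def split_key(d, n_shares):
    """Dealer step: split d into additive shares k1..kn with sum == d (mod PHI)."""
    shares = [secrets.randbelow(PHI) for _ in range(n_shares - 1)]
    shares.append((d - sum(shares)) % PHI)
    return shares


def digest(message):
    """Map a message to an integer mod N (textbook RSA, no padding scheme)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def node_partial_sign(share, message):
    """Runs on one machine: uses only its own share, never sees D."""
    return pow(digest(message), share, N)


def combine(partials):
    """Requestor step: multiply the responses; h^k1 * h^k2 * h^k3 = h^D (mod N)."""
    sig = 1
    for p in partials:
        sig = (sig * p) % N
    return sig


def verify(message, sig):
    """Anyone can check the result with the public key (N, E)."""
    return pow(sig, E, N) == digest(message)


if __name__ == "__main__":
    k1, k2, k3 = split_key(D, 3)
    msg = b"constructed sample request"
    partials = [node_partial_sign(k, msg) for k in (k1, k2, k3)]
    print("all three shares:", verify(msg, combine(partials)))
    print("one share missing:", verify(msg, combine(partials[:2])))
```

Because the shares are additive, any single share (or any two of three) is a uniformly random number that says nothing about D, which is why an attacker has to compromise every node.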