Practical hierarchical threshold cryptosystem without a trusted dealer, with offline distributed signatures and decryption, plus zero-knowledge proofs.

Introduction

A cryptosystem is an implementation of an algorithm for encrypting and decrypting data, such as an email, image, video stream or other document. The simplest are symmetric cryptosystems, in which a single key is used to both encrypt and decrypt messages. This means that both the sender (Alice) and the recipient (Bob) need to know the key. Alice would have to send the key to Bob, with the danger that it would be intercepted. Public key systems, such as RSA, have two keys, a public one for encryption and for verifying signatures, and a secret one for decryption and signing. Alice generates the public key from the private one with a method that is not reversible. She can make the public key known to anyone who wants to send her a message, safe in the knowledge that only she can decrypt the message or sign documents.

In a threshold system, each party holds its own part of the secret key, which is never shared. These parts are used to generate the public key. Decrypting a message requires a minimum number of the private key parts – the threshold. Thus, a message can be read only if enough parties agree. Moreover, since not all parts of the private key are required, it does not matter if one is unavailable, so there is no single point of failure. However, existing threshold cryptosystems rely on a single, centralised, trusted entity to generate the keys and distribute them to each party. This entity, known as the trusted dealer, breaks the equality between the parties and is itself a single point of failure.

In this new cryptosystem, each party chooses random numbers that are used to generate the keys. These are distributed in such a way that the full private key is neither shared nor ever assembled. No trusted dealer is required, nor does the algorithm allow one to be established. Hence, this new cryptosystem creates and shares the keys by a distributed method without a trusted dealer. When decrypting a message or signing a document, each party does part of the work. The embedded zero-knowledge proof can be used to prove that a partially decrypted or signed message has not been tampered with. Moreover, if the minimum number of secret key holders agree, the keys can be re-shared with another group of parties under a different threshold.
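To make the two ideas above concrete, here is an added worked example that is not code from this page or from the product it describes. It shows dealer-free key generation in the style of Feldman/Pedersen (each party picks its own random polynomial, so the full secret is never computed anywhere), t-of-n threshold ElGamal decryption where each party contributes only a partial result, and a Chaum-Pedersen proof that lets anyone check a partial decryption has not been tampered with. Assumptions: the group parameters p = 2039, q = 1019, g = 4 are a constructed toy group, far too small for real use; the commitment-verification step of the key generation is omitted; the per-party verification keys are computed directly rather than derived from published commitments; and the Chaum-Pedersen proof stands in for whatever zero-knowledge proof the product actually embeds, which the page does not specify.

```python
import hashlib
import secrets

# Toy group: safe prime p = 2q + 1, g = 4 generates the order-q subgroup.
# Constructed for illustration only; real deployments use ~256-bit groups.
P, Q, G = 2039, 1019, 4


def eval_poly(coeffs, x):
    """Evaluate a polynomial over Z_q at x (coeffs[0] is the constant term)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def lagrange_at_zero(indices):
    """Coefficients lambda_i with sum_i lambda_i * f(i) = f(0) when deg(f) < len(indices)."""
    lam = {}
    for i in indices:
        num, den = 1, 1
        for j in indices:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        lam[i] = num * pow(den, -1, Q) % Q
    return lam


def distributed_keygen(n, t):
    """Dealer-free key generation (Feldman/Pedersen style, verification step omitted).

    Party i picks its own random degree-(t-1) polynomial f_i, sends f_i(j) privately
    to party j and publishes g^{f_i(0)}. Party j's share is sum_i f_i(j); the full
    secret x = sum_i f_i(0) is never computed by anyone. All polynomials sit in one
    process here for demonstration; in a real run each lives only with its owner.
    """
    polys = [[secrets.randbelow(Q) for _ in range(t)] for _ in range(n)]
    shares = {j: sum(eval_poly(f, j) for f in polys) % Q for j in range(1, n + 1)}
    pk = 1
    for f in polys:
        pk = pk * pow(G, f[0], P) % P  # product of the published g^{f_i(0)}
    # Verification keys g^{share_j}: derivable from the published commitments in
    # Feldman DKG; computed directly here for brevity (assumption of this demo).
    vks = {j: pow(G, s, P) for j, s in shares.items()}
    return pk, shares, vks


def encrypt(pk, m):
    """ElGamal encryption of a subgroup element m under the joint public key."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(pk, r, P) % P


def _challenge(*vals):
    """Fiat-Shamir challenge derived from the proof transcript."""
    data = ",".join(str(v) for v in vals).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def partial_decrypt(share, c1):
    """Return d_i = c1^share_i plus a Chaum-Pedersen proof that log_g(vk_i) = log_c1(d_i)."""
    d = pow(c1, share, P)
    w = secrets.randbelow(Q)
    a1, a2 = pow(G, w, P), pow(c1, w, P)
    e = _challenge(G, c1, pow(G, share, P), d, a1, a2)
    z = (w + e * share) % Q
    return d, (a1, a2, z)


def verify_partial(vk, c1, d, proof):
    """Anyone holding vk_i can check that d_i is an honest partial decryption."""
    a1, a2, z = proof
    e = _challenge(G, c1, vk, d, a1, a2)
    return (pow(G, z, P) == a1 * pow(vk, e, P) % P
            and pow(c1, z, P) == a2 * pow(d, e, P) % P)


def combine(partials, c2):
    """Recover m from c2 given verified partials {i: d_i} from at least t parties."""
    lam = lagrange_at_zero(list(partials))
    d = 1
    for i, di in partials.items():
        d = d * pow(di, lam[i], P) % P  # = c1^x without anyone knowing x
    return c2 * pow(d, -1, P) % P


def demo(n=5, t=3, plaintext=123):
    """Key generation, encryption and a verified t-of-n decryption; True on success."""
    pk, shares, vks = distributed_keygen(n, t)
    m = pow(G, plaintext, P)  # encode the message as a subgroup element
    c1, c2 = encrypt(pk, m)
    partials = {}
    for i in list(shares)[-t:]:  # any t of the n parties
        d, proof = partial_decrypt(shares[i], c1)
        if not verify_partial(vks[i], c1, d, proof):
            return False
        partials[i] = d
    return combine(partials, c2) == m


if __name__ == "__main__":
    print("threshold decryption succeeded:", demo())
```

Because every `share_j` is a point on the sum polynomial `F = sum_i f_i`, any t parties can interpolate `c1^F(0)` in the exponent, while fewer than t learn nothing about the secret; the proof attached to each `d_i` is what lets the combiner reject a corrupted partial before it poisons the result.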

Possible applications

Here are a few examples of how this cryptosystem could be used in a real application.

Interesting?

Right now, we are close to releasing this cryptosystem in a form that can be used inside any native, JVM or JS application.

Anyway, please contact us at hello@kcry.pt if you want to test it today or learn more. Or you can subscribe to our newsletter to stay tuned.