Threshold Cryptography and You

Threshold Cryptography refers to a system whereby multiple parties are required to engage in a cryptographic process, either to produce a digital signature (for example to sign a document) or to decrypt a file or a piece of data.  This can be accomplished by dividing a key into multiple “shares”, and devising a system that requires multiple shares in order to perform the cryptographic operations.  Threshold Cryptography systems are characterized as (n, t+1), where n refers to the number of shares and t+1 refers to the number of shares required to perform crypto operations.  Up to “t” shares can be compromised without affecting the security of the system.

For example in a (3, 2) system, a key is divided into 3 shares and any 2 can combine to sign or decrypt files.  A single share can be compromised without losing security.

Note that in this kind of scheme the key is not simply divided up into sections; the shares are derived using “scary math”, so if an adversary gets hold of one of the shares (or any number up to “t” of them), it doesn’t actually reveal any information about the key.

Threshold Cryptography has a number of use cases, including:

  • Securing private keys for applications like Bitcoin wallets. Private keys (which are used to unlock Bitcoin transactions) can be stored across multiple devices, making the keys more difficult for hackers to steal, and improving the security of your Bitcoins.
  • Securing keys for decrypting sensitive data. Multiple shares would be required to decrypt the data, making the private key more difficult for hackers and other adversaries to obtain.
  • Providing for a multi-party signature, without having to combine multiple different private keys. The parties would use the “shares” to participate in the signatory process and the final signature would represent a single private key.
  • Social password recovery – a private key’s shares could be distributed to friends and relatives (or to a lawyer or notary) to be used to recover a lost password or key. None of the “bearers” would have enough information to act on their own (or for a hacker to exploit); however, this could provide a fail-safe recovery for a forgotten password or lost key.
  • Distribution of public and private keys. In fact, one of the early use cases for Threshold Cryptography was to support a distributed CA model for an ad-hoc mobile network, to improve the resilience and security of the network.  A similar model could be applied to a blockchain network, and could be used to either improve the security around Hyperledger Fabric’s CA process, or to support a distributed CA for a public version of a Hyperledger Fabric network.

In all the above scenarios, if any of the “shares” were lost or compromised, new shares could be generated and distributed without having to revoke and re-generate the underlying private key.
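As an added illustration of the share-and-recombine behaviour in the (3, 2) example above and of re-sharing without changing the key (example code written for this post, not Anon Solutions’ own implementation), here is a minimal Shamir-style secret sharing over a prime field. It covers only the key-sharing half, not the signing protocol, and the refresh step briefly reconstructs the secret, which a production threshold scheme would avoid.

```python
import secrets

# Shares live in a prime field; this Mersenne prime fits 127-bit secrets (demo choice).
PRIME = 2**127 - 1

def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc

def split_secret(secret, n, threshold):
    """Split `secret` into n shares (x, y); any `threshold` of them reconstruct it."""
    if not 1 <= threshold <= n or not 0 <= secret < PRIME:
        raise ValueError("bad parameters")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]

def interpolate_at(points, x):
    """Lagrange interpolation: value at `x` of the unique polynomial through `points`."""
    result = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        result = (result + yi * num * pow(den, -1, PRIME)) % PRIME
    return result

def recover_secret(shares):
    """Combine threshold-many shares: the secret is the polynomial's value at x=0."""
    return interpolate_at(shares, 0)

def consistent_completion(t_shares, candidate_secret, x_new):
    """With only t shares, ANY candidate secret is consistent: return the share at
    x_new that would make these t shares reconstruct to candidate_secret.
    This is the reason t shares leak nothing about the real key."""
    return x_new, interpolate_at([(0, candidate_secret)] + list(t_shares), x_new)

def refresh_shares(old_shares, n, threshold):
    """Re-share the same key with fresh randomness (e.g. after a share is lost).
    The new shares reconstruct the same secret but cannot be mixed with old ones."""
    return split_secret(recover_secret(old_shares), n, threshold)
```

Because old and new shares sit on different polynomials, a refresh only protects the key if every holder actually discards the old share; a leaked old share stays dangerous for as long as enough other old shares survive.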

Threshold cryptography can be used in combination with tokenization to devise a system where data can be securely shared between users without revealing the data to third-party observers or adversaries, without having to reveal or share secret keys between the end users or any intermediary systems.  Anon Solutions is currently doing research in this area, which will be discussed in a future blog post.

If you have any questions or comments, or are interested in any of the solutions discussed, please send me a note.