Secure Applications of Pedersen’s Distributed Key Generation Protocol


Ontology type: schema:Chapter     


Chapter Info

DATE

2003-02-28

AUTHORS

Rosario Gennaro , Stanislaw Jarecki , Hugo Krawczyk , Tal Rabin

ABSTRACT

A Distributed Key Generation (DKG) protocol is an essential component of any threshold cryptosystem. It is used to initialize the cryptosystem and generate its private and public keys, and it is used as a subprotocol, for example to generate a one-time key pair which is a part of any threshold El-Gamal-like signature scheme. Gennaro et al. showed [GJKR99] that a widely-known non-interactive DKG protocol suggested by Pedersen does not guarantee a uniformly random distribution of generated secret keys even in the static adversary model. Furthermore, Gennaro et al. proposed to replace this protocol with one that guarantees a uniform distribution of the generated key but requires an extra round of reliable broadcast communication. We investigate the question whether some discrete-log based threshold cryptosystems remain secure when implemented using the more efficient DKG protocol of Pedersen, in spite of the fact that the adversary can skew the distribution of the secret key generated by this protocol. We answer this question in the positive. We show that threshold versions of some schemes whose security reduces to the hardness of the discrete logarithm problem, remain secure when implemented with Pedersen DKG. We exemplify this claim with a threshold Schnorr signature scheme. However, the resulting scheme has less efficient security reduction (in the random oracle model) from the hardness of the discrete logarithm problem than the same scheme implemented with the computationally more expensive DKG protocol of Gennaro et al. Thus our results imply a trade-off in the design of threshold versions of certain discrete-log based schemes between the round complexity of a protocol and the size of the modulus.

PAGES

373-390

Book

TITLE

Topics in Cryptology — CT-RSA 2003

ISBN

978-3-540-00847-7
978-3-540-36563-1

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/3-540-36563-x_26

DOI

http://dx.doi.org/10.1007/3-540-36563-x_26

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1038350402



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "IBM T.J.Watson Research, USA", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "IBM T.J.Watson Research, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Gennaro", 
        "givenName": "Rosario", 
        "id": "sg:person.013573255563.35", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013573255563.35"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Stanford University, USA", 
          "id": "http://www.grid.ac/institutes/grid.168010.e", 
          "name": [
            "Stanford University, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Jarecki", 
        "givenName": "Stanislaw", 
        "id": "sg:person.014344574541.81", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014344574541.81"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "IBM T.J.Watson Research, USA", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "IBM T.J.Watson Research, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Krawczyk", 
        "givenName": "Hugo", 
        "id": "sg:person.013004021661.30", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013004021661.30"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "IBM T.J.Watson Research, USA", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "IBM T.J.Watson Research, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Rabin", 
        "givenName": "Tal", 
        "id": "sg:person.015473523512.58", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015473523512.58"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2003-02-28", 
    "datePublishedReg": "2003-02-28", 
    "description": "A Distributed Key Generation (DKG)p rotocol is an essential component of any threshold cryptosystem. It is used to initialize the cryptosystem and generate its private and public keys, and it is used as a subprotocol, for example to generate a one-time key pair which is a part of any threshold El-Gamal-like signature scheme. Gennaro et al. showed [GJKR99] that a widely-known non-interactive DKG protocol suggested by Pedersen does not guarantee a uniformly random distribution of generated secret keys even in the static adversary model. Furthermore, Gennaro et al. proposed to replace this protocol with one that guarantees a uniform distribution of the generated key but requires an extra round of reliable broadcast communication. We investigate the question whether some discrete-log based threshold cryptosystems remain secure when implemented using the more efficient DKG protocol of Pedersen, in spite of the fact that the adversary can skew the distribution of the secret key generated by this protocol. We answer this question in the positive. We show that threshold versions of some schemes whose security reduces to the hardness of the discrete logarithm problem, remain secure when implemented with Pedersen DKG. We exemplify this claim with a threshold Schnorr signature scheme. However, the resulting scheme has less efficient security reduction (in the random oracle model)from the hardness of the discrete logarithm problem than the same scheme implemented with the computationally more expensive DKG protocol of Gennaro et al. Thus our results imply a trade-o. in the design of threshold versions of certain discrete-log based schemes between the round complexity of a protocol and the size of the modulus.", 
    "editor": [
      {
        "familyName": "Joye", 
        "givenName": "Marc", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/3-540-36563-x_26", 
    "inLanguage": "en", 
    "isAccessibleForFree": false, 
    "isPartOf": {
      "isbn": [
        "978-3-540-00847-7", 
        "978-3-540-36563-1"
      ], 
      "name": "Topics in Cryptology \u2014 CT-RSA 2003", 
      "type": "Book"
    }, 
    "keywords": [
      "discrete logarithm problem", 
      "Gennaro et al", 
      "DKG protocol", 
      "threshold cryptosystems", 
      "logarithm problem", 
      "secret key", 
      "signature scheme", 
      "efficient security reduction", 
      "reliable broadcast communication", 
      "Schnorr signature scheme", 
      "key generation protocol", 
      "threshold version", 
      "secure applications", 
      "adversary model", 
      "key pair", 
      "public key", 
      "key generation", 
      "broadcast communication", 
      "security reduction", 
      "random oracles", 
      "round complexity", 
      "cryptosystem", 
      "El Gamal", 
      "generation protocol", 
      "scheme", 
      "key", 
      "protocol", 
      "adversary", 
      "extra round", 
      "oracle", 
      "security", 
      "subprotocol", 
      "same scheme", 
      "complexity", 
      "version", 
      "communication", 
      "applications", 
      "positives", 
      "essential component", 
      "design", 
      "et al", 
      "example", 
      "DKG", 
      "model", 
      "generation", 
      "rounds", 
      "one", 
      "components", 
      "questions", 
      "part", 
      "results", 
      "fact", 
      "uniform distribution", 
      "pairs", 
      "distribution", 
      "Pedersen", 
      "trade", 
      "random distribution", 
      "size", 
      "spite", 
      "al", 
      "claims", 
      "reduction", 
      "hardness", 
      "problem", 
      "modulus"
    ], 
    "name": "Secure Applications of Pedersen\u2019s Distributed Key Generation Protocol", 
    "pagination": "373-390", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1038350402"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/3-540-36563-x_26"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/3-540-36563-x_26", 
      "https://app.dimensions.ai/details/publication/pub.1038350402"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-05-10T10:56", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220509/entities/gbq_results/chapter/chapter_73.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/3-540-36563-x_26"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/3-540-36563-x_26'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/3-540-36563-x_26'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/3-540-36563-x_26'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/3-540-36563-x_26'


 

This table displays all metadata directly associated to this object as RDF triples.

150 TRIPLES      23 PREDICATES      91 URIs      84 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/3-540-36563-x_26 schema:about anzsrc-for:08
2 anzsrc-for:0804
3 schema:author Naeaa929ca2b04a38982cfd789712becb
4 schema:datePublished 2003-02-28
5 schema:datePublishedReg 2003-02-28
6 schema:description A Distributed Key Generation (DKG)p rotocol is an essential component of any threshold cryptosystem. It is used to initialize the cryptosystem and generate its private and public keys, and it is used as a subprotocol, for example to generate a one-time key pair which is a part of any threshold El-Gamal-like signature scheme. Gennaro et al. showed [GJKR99] that a widely-known non-interactive DKG protocol suggested by Pedersen does not guarantee a uniformly random distribution of generated secret keys even in the static adversary model. Furthermore, Gennaro et al. proposed to replace this protocol with one that guarantees a uniform distribution of the generated key but requires an extra round of reliable broadcast communication. We investigate the question whether some discrete-log based threshold cryptosystems remain secure when implemented using the more efficient DKG protocol of Pedersen, in spite of the fact that the adversary can skew the distribution of the secret key generated by this protocol. We answer this question in the positive. We show that threshold versions of some schemes whose security reduces to the hardness of the discrete logarithm problem, remain secure when implemented with Pedersen DKG. We exemplify this claim with a threshold Schnorr signature scheme. However, the resulting scheme has less efficient security reduction (in the random oracle model)from the hardness of the discrete logarithm problem than the same scheme implemented with the computationally more expensive DKG protocol of Gennaro et al. Thus our results imply a trade-o. in the design of threshold versions of certain discrete-log based schemes between the round complexity of a protocol and the size of the modulus.
7 schema:editor Nbb98bff9ed3a44c79c64a784412bd941
8 schema:genre chapter
9 schema:inLanguage en
10 schema:isAccessibleForFree false
11 schema:isPartOf N71da402338f44fd99dd8feb0d4a71d1c
12 schema:keywords DKG
13 DKG protocol
14 El Gamal
15 Gennaro et al
16 Pedersen
17 Schnorr signature scheme
18 adversary
19 adversary model
20 al
21 applications
22 broadcast communication
23 claims
24 communication
25 complexity
26 components
27 cryptosystem
28 design
29 discrete logarithm problem
30 distribution
31 efficient security reduction
32 essential component
33 et al
34 example
35 extra round
36 fact
37 generation
38 generation protocol
39 hardness
40 key
41 key generation
42 key generation protocol
43 key pair
44 logarithm problem
45 model
46 modulus
47 one
48 oracle
49 pairs
50 part
51 positives
52 problem
53 protocol
54 public key
55 questions
56 random distribution
57 random oracles
58 reduction
59 reliable broadcast communication
60 results
61 round complexity
62 rounds
63 same scheme
64 scheme
65 secret key
66 secure applications
67 security
68 security reduction
69 signature scheme
70 size
71 spite
72 subprotocol
73 threshold cryptosystems
74 threshold version
75 trade
76 uniform distribution
77 version
78 schema:name Secure Applications of Pedersen’s Distributed Key Generation Protocol
79 schema:pagination 373-390
80 schema:productId N7dff5605e2f147a5b6746523658f6d4d
81 Ne313a38dc4f04e0d8d55528c5b163901
82 schema:publisher N8adcacf209634620a1909602e0f59cfc
83 schema:sameAs https://app.dimensions.ai/details/publication/pub.1038350402
84 https://doi.org/10.1007/3-540-36563-x_26
85 schema:sdDatePublished 2022-05-10T10:56
86 schema:sdLicense https://scigraph.springernature.com/explorer/license/
87 schema:sdPublisher Nfa2d70de0ba3432f84c3b3fafc84e5ba
88 schema:url https://doi.org/10.1007/3-540-36563-x_26
89 sgo:license sg:explorer/license/
90 sgo:sdDataset chapters
91 rdf:type schema:Chapter
92 N447f6373157e43faae9c2b1911892965 rdf:first sg:person.015473523512.58
93 rdf:rest rdf:nil
94 N71da402338f44fd99dd8feb0d4a71d1c schema:isbn 978-3-540-00847-7
95 978-3-540-36563-1
96 schema:name Topics in Cryptology — CT-RSA 2003
97 rdf:type schema:Book
98 N7dff5605e2f147a5b6746523658f6d4d schema:name dimensions_id
99 schema:value pub.1038350402
100 rdf:type schema:PropertyValue
101 N8adcacf209634620a1909602e0f59cfc schema:name Springer Nature
102 rdf:type schema:Organisation
103 Na90dce26b48b4bc985447f3b226d6f0a rdf:first sg:person.014344574541.81
104 rdf:rest Ne34e0df02175411f8cd7b463160c0f9c
105 Naeaa929ca2b04a38982cfd789712becb rdf:first sg:person.013573255563.35
106 rdf:rest Na90dce26b48b4bc985447f3b226d6f0a
107 Nbb98bff9ed3a44c79c64a784412bd941 rdf:first Nf6f12eef07f74877910b32722bae0cc9
108 rdf:rest rdf:nil
109 Ne313a38dc4f04e0d8d55528c5b163901 schema:name doi
110 schema:value 10.1007/3-540-36563-x_26
111 rdf:type schema:PropertyValue
112 Ne34e0df02175411f8cd7b463160c0f9c rdf:first sg:person.013004021661.30
113 rdf:rest N447f6373157e43faae9c2b1911892965
114 Nf6f12eef07f74877910b32722bae0cc9 schema:familyName Joye
115 schema:givenName Marc
116 rdf:type schema:Person
117 Nfa2d70de0ba3432f84c3b3fafc84e5ba schema:name Springer Nature - SN SciGraph project
118 rdf:type schema:Organization
119 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
120 schema:name Information and Computing Sciences
121 rdf:type schema:DefinedTerm
122 anzsrc-for:0804 schema:inDefinedTermSet anzsrc-for:
123 schema:name Data Format
124 rdf:type schema:DefinedTerm
125 sg:person.013004021661.30 schema:affiliation grid-institutes:None
126 schema:familyName Krawczyk
127 schema:givenName Hugo
128 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013004021661.30
129 rdf:type schema:Person
130 sg:person.013573255563.35 schema:affiliation grid-institutes:None
131 schema:familyName Gennaro
132 schema:givenName Rosario
133 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013573255563.35
134 rdf:type schema:Person
135 sg:person.014344574541.81 schema:affiliation grid-institutes:grid.168010.e
136 schema:familyName Jarecki
137 schema:givenName Stanislaw
138 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014344574541.81
139 rdf:type schema:Person
140 sg:person.015473523512.58 schema:affiliation grid-institutes:None
141 schema:familyName Rabin
142 schema:givenName Tal
143 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015473523512.58
144 rdf:type schema:Person
145 grid-institutes:None schema:alternateName IBM T.J.Watson Research, USA
146 schema:name IBM T.J.Watson Research, USA
147 rdf:type schema:Organization
148 grid-institutes:grid.168010.e schema:alternateName Stanford University, USA
149 schema:name Stanford University, USA
150 rdf:type schema:Organization
 



