Ontology type: schema:Chapter
2003-02-28
AUTHORSRosario Gennaro , Stanislaw Jarecki , Hugo Krawczyk , Tal Rabin
ABSTRACTA Distributed Key Generation (DKG)p rotocol is an essential component of any threshold cryptosystem. It is used to initialize the cryptosystem and generate its private and public keys, and it is used as a subprotocol, for example to generate a one-time key pair which is a part of any threshold El-Gamal-like signature scheme. Gennaro et al. showed [GJKR99] that a widely-known non-interactive DKG protocol suggested by Pedersen does not guarantee a uniformly random distribution of generated secret keys even in the static adversary model. Furthermore, Gennaro et al. proposed to replace this protocol with one that guarantees a uniform distribution of the generated key but requires an extra round of reliable broadcast communication. We investigate the question whether some discrete-log based threshold cryptosystems remain secure when implemented using the more efficient DKG protocol of Pedersen, in spite of the fact that the adversary can skew the distribution of the secret key generated by this protocol. We answer this question in the positive. We show that threshold versions of some schemes whose security reduces to the hardness of the discrete logarithm problem, remain secure when implemented with Pedersen DKG. We exemplify this claim with a threshold Schnorr signature scheme. However, the resulting scheme has less efficient security reduction (in the random oracle model)from the hardness of the discrete logarithm problem than the same scheme implemented with the computationally more expensive DKG protocol of Gennaro et al. Thus our results imply a trade-o. in the design of threshold versions of certain discrete-log based schemes between the round complexity of a protocol and the size of the modulus. More... »
PAGES373-390
Topics in Cryptology — CT-RSA 2003
ISBN
978-3-540-00847-7
978-3-540-36563-1
http://scigraph.springernature.com/pub.10.1007/3-540-36563-x_26
DOIhttp://dx.doi.org/10.1007/3-540-36563-x_26
DIMENSIONShttps://app.dimensions.ai/details/publication/pub.1038350402
JSON-LD is the canonical representation for SciGraph data.
TIP: You can open this SciGraph record using an external JSON-LD service: JSON-LD Playground Google SDTT
[
{
"@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json",
"about": [
{
"id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08",
"inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/",
"name": "Information and Computing Sciences",
"type": "DefinedTerm"
},
{
"id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804",
"inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/",
"name": "Data Format",
"type": "DefinedTerm"
}
],
"author": [
{
"affiliation": {
"alternateName": "IBM T.J.Watson Research, USA",
"id": "http://www.grid.ac/institutes/None",
"name": [
"IBM T.J.Watson Research, USA"
],
"type": "Organization"
},
"familyName": "Gennaro",
"givenName": "Rosario",
"id": "sg:person.013573255563.35",
"sameAs": [
"https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013573255563.35"
],
"type": "Person"
},
{
"affiliation": {
"alternateName": "Stanford University, USA",
"id": "http://www.grid.ac/institutes/grid.168010.e",
"name": [
"Stanford University, USA"
],
"type": "Organization"
},
"familyName": "Jarecki",
"givenName": "Stanislaw",
"id": "sg:person.014344574541.81",
"sameAs": [
"https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014344574541.81"
],
"type": "Person"
},
{
"affiliation": {
"alternateName": "IBM T.J.Watson Research, USA",
"id": "http://www.grid.ac/institutes/None",
"name": [
"IBM T.J.Watson Research, USA"
],
"type": "Organization"
},
"familyName": "Krawczyk",
"givenName": "Hugo",
"id": "sg:person.013004021661.30",
"sameAs": [
"https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013004021661.30"
],
"type": "Person"
},
{
"affiliation": {
"alternateName": "IBM T.J.Watson Research, USA",
"id": "http://www.grid.ac/institutes/None",
"name": [
"IBM T.J.Watson Research, USA"
],
"type": "Organization"
},
"familyName": "Rabin",
"givenName": "Tal",
"id": "sg:person.015473523512.58",
"sameAs": [
"https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015473523512.58"
],
"type": "Person"
}
],
"datePublished": "2003-02-28",
"datePublishedReg": "2003-02-28",
"description": "A Distributed Key Generation (DKG)p rotocol is an essential component of any threshold cryptosystem. It is used to initialize the cryptosystem and generate its private and public keys, and it is used as a subprotocol, for example to generate a one-time key pair which is a part of any threshold El-Gamal-like signature scheme. Gennaro et al. showed [GJKR99] that a widely-known non-interactive DKG protocol suggested by Pedersen does not guarantee a uniformly random distribution of generated secret keys even in the static adversary model. Furthermore, Gennaro et al. proposed to replace this protocol with one that guarantees a uniform distribution of the generated key but requires an extra round of reliable broadcast communication. We investigate the question whether some discrete-log based threshold cryptosystems remain secure when implemented using the more efficient DKG protocol of Pedersen, in spite of the fact that the adversary can skew the distribution of the secret key generated by this protocol. We answer this question in the positive. We show that threshold versions of some schemes whose security reduces to the hardness of the discrete logarithm problem, remain secure when implemented with Pedersen DKG. We exemplify this claim with a threshold Schnorr signature scheme. However, the resulting scheme has less efficient security reduction (in the random oracle model)from the hardness of the discrete logarithm problem than the same scheme implemented with the computationally more expensive DKG protocol of Gennaro et al. Thus our results imply a trade-o. in the design of threshold versions of certain discrete-log based schemes between the round complexity of a protocol and the size of the modulus.",
"editor": [
{
"familyName": "Joye",
"givenName": "Marc",
"type": "Person"
}
],
"genre": "chapter",
"id": "sg:pub.10.1007/3-540-36563-x_26",
"inLanguage": "en",
"isAccessibleForFree": false,
"isPartOf": {
"isbn": [
"978-3-540-00847-7",
"978-3-540-36563-1"
],
"name": "Topics in Cryptology \u2014 CT-RSA 2003",
"type": "Book"
},
"keywords": [
"discrete logarithm problem",
"Gennaro et al",
"DKG protocol",
"threshold cryptosystems",
"logarithm problem",
"secret key",
"signature scheme",
"efficient security reduction",
"reliable broadcast communication",
"Schnorr signature scheme",
"key generation protocol",
"threshold version",
"secure applications",
"adversary model",
"key pair",
"public key",
"key generation",
"broadcast communication",
"security reduction",
"random oracles",
"round complexity",
"cryptosystem",
"El Gamal",
"generation protocol",
"scheme",
"key",
"protocol",
"adversary",
"extra round",
"oracle",
"security",
"subprotocol",
"same scheme",
"complexity",
"version",
"communication",
"applications",
"positives",
"essential component",
"design",
"et al",
"example",
"DKG",
"model",
"generation",
"rounds",
"one",
"components",
"questions",
"part",
"results",
"fact",
"uniform distribution",
"pairs",
"distribution",
"Pedersen",
"trade",
"random distribution",
"size",
"spite",
"al",
"claims",
"reduction",
"hardness",
"problem",
"modulus"
],
"name": "Secure Applications of Pedersen\u2019s Distributed Key Generation Protocol",
"pagination": "373-390",
"productId": [
{
"name": "dimensions_id",
"type": "PropertyValue",
"value": [
"pub.1038350402"
]
},
{
"name": "doi",
"type": "PropertyValue",
"value": [
"10.1007/3-540-36563-x_26"
]
}
],
"publisher": {
"name": "Springer Nature",
"type": "Organisation"
},
"sameAs": [
"https://doi.org/10.1007/3-540-36563-x_26",
"https://app.dimensions.ai/details/publication/pub.1038350402"
],
"sdDataset": "chapters",
"sdDatePublished": "2022-05-10T10:56",
"sdLicense": "https://scigraph.springernature.com/explorer/license/",
"sdPublisher": {
"name": "Springer Nature - SN SciGraph project",
"type": "Organization"
},
"sdSource": "s3://com-springernature-scigraph/baseset/20220509/entities/gbq_results/chapter/chapter_73.jsonl",
"type": "Chapter",
"url": "https://doi.org/10.1007/3-540-36563-x_26"
}
]Download the RDF metadata as: json-ld nt turtle xml License info
JSON-LD is a popular format for linked data which is fully compatible with JSON.
curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/3-540-36563-x_26'
N-Triples is a line-based linked data format ideal for batch operations.
curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/3-540-36563-x_26'
Turtle is a human-readable linked data format.
curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/3-540-36563-x_26'
RDF/XML is a standard XML format for linked data.
curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/3-540-36563-x_26'
This table displays all metadata directly associated to this object as RDF triples.
150 TRIPLES
23 PREDICATES
91 URIs
84 LITERALS
7 BLANK NODES
| Subject | Predicate | Object | |
|---|---|---|---|
| 1 | sg:pub.10.1007/3-540-36563-x_26 | schema:about | anzsrc-for:08 |
| 2 | ″ | ″ | anzsrc-for:0804 |
| 3 | ″ | schema:author | Naeaa929ca2b04a38982cfd789712becb |
| 4 | ″ | schema:datePublished | 2003-02-28 |
| 5 | ″ | schema:datePublishedReg | 2003-02-28 |
| 6 | ″ | schema:description | A Distributed Key Generation (DKG)p rotocol is an essential component of any threshold cryptosystem. It is used to initialize the cryptosystem and generate its private and public keys, and it is used as a subprotocol, for example to generate a one-time key pair which is a part of any threshold El-Gamal-like signature scheme. Gennaro et al. showed [GJKR99] that a widely-known non-interactive DKG protocol suggested by Pedersen does not guarantee a uniformly random distribution of generated secret keys even in the static adversary model. Furthermore, Gennaro et al. proposed to replace this protocol with one that guarantees a uniform distribution of the generated key but requires an extra round of reliable broadcast communication. We investigate the question whether some discrete-log based threshold cryptosystems remain secure when implemented using the more efficient DKG protocol of Pedersen, in spite of the fact that the adversary can skew the distribution of the secret key generated by this protocol. We answer this question in the positive. We show that threshold versions of some schemes whose security reduces to the hardness of the discrete logarithm problem, remain secure when implemented with Pedersen DKG. We exemplify this claim with a threshold Schnorr signature scheme. However, the resulting scheme has less efficient security reduction (in the random oracle model)from the hardness of the discrete logarithm problem than the same scheme implemented with the computationally more expensive DKG protocol of Gennaro et al. Thus our results imply a trade-o. in the design of threshold versions of certain discrete-log based schemes between the round complexity of a protocol and the size of the modulus. |
| 7 | ″ | schema:editor | Nbb98bff9ed3a44c79c64a784412bd941 |
| 8 | ″ | schema:genre | chapter |
| 9 | ″ | schema:inLanguage | en |
| 10 | ″ | schema:isAccessibleForFree | false |
| 11 | ″ | schema:isPartOf | N71da402338f44fd99dd8feb0d4a71d1c |
| 12 | ″ | schema:keywords | DKG |
| 13 | ″ | ″ | DKG protocol |
| 14 | ″ | ″ | El Gamal |
| 15 | ″ | ″ | Gennaro et al |
| 16 | ″ | ″ | Pedersen |
| 17 | ″ | ″ | Schnorr signature scheme |
| 18 | ″ | ″ | adversary |
| 19 | ″ | ″ | adversary model |
| 20 | ″ | ″ | al |
| 21 | ″ | ″ | applications |
| 22 | ″ | ″ | broadcast communication |
| 23 | ″ | ″ | claims |
| 24 | ″ | ″ | communication |
| 25 | ″ | ″ | complexity |
| 26 | ″ | ″ | components |
| 27 | ″ | ″ | cryptosystem |
| 28 | ″ | ″ | design |
| 29 | ″ | ″ | discrete logarithm problem |
| 30 | ″ | ″ | distribution |
| 31 | ″ | ″ | efficient security reduction |
| 32 | ″ | ″ | essential component |
| 33 | ″ | ″ | et al |
| 34 | ″ | ″ | example |
| 35 | ″ | ″ | extra round |
| 36 | ″ | ″ | fact |
| 37 | ″ | ″ | generation |
| 38 | ″ | ″ | generation protocol |
| 39 | ″ | ″ | hardness |
| 40 | ″ | ″ | key |
| 41 | ″ | ″ | key generation |
| 42 | ″ | ″ | key generation protocol |
| 43 | ″ | ″ | key pair |
| 44 | ″ | ″ | logarithm problem |
| 45 | ″ | ″ | model |
| 46 | ″ | ″ | modulus |
| 47 | ″ | ″ | one |
| 48 | ″ | ″ | oracle |
| 49 | ″ | ″ | pairs |
| 50 | ″ | ″ | part |
| 51 | ″ | ″ | positives |
| 52 | ″ | ″ | problem |
| 53 | ″ | ″ | protocol |
| 54 | ″ | ″ | public key |
| 55 | ″ | ″ | questions |
| 56 | ″ | ″ | random distribution |
| 57 | ″ | ″ | random oracles |
| 58 | ″ | ″ | reduction |
| 59 | ″ | ″ | reliable broadcast communication |
| 60 | ″ | ″ | results |
| 61 | ″ | ″ | round complexity |
| 62 | ″ | ″ | rounds |
| 63 | ″ | ″ | same scheme |
| 64 | ″ | ″ | scheme |
| 65 | ″ | ″ | secret key |
| 66 | ″ | ″ | secure applications |
| 67 | ″ | ″ | security |
| 68 | ″ | ″ | security reduction |
| 69 | ″ | ″ | signature scheme |
| 70 | ″ | ″ | size |
| 71 | ″ | ″ | spite |
| 72 | ″ | ″ | subprotocol |
| 73 | ″ | ″ | threshold cryptosystems |
| 74 | ″ | ″ | threshold version |
| 75 | ″ | ″ | trade |
| 76 | ″ | ″ | uniform distribution |
| 77 | ″ | ″ | version |
| 78 | ″ | schema:name | Secure Applications of Pedersen’s Distributed Key Generation Protocol |
| 79 | ″ | schema:pagination | 373-390 |
| 80 | ″ | schema:productId | N7dff5605e2f147a5b6746523658f6d4d |
| 81 | ″ | ″ | Ne313a38dc4f04e0d8d55528c5b163901 |
| 82 | ″ | schema:publisher | N8adcacf209634620a1909602e0f59cfc |
| 83 | ″ | schema:sameAs | https://app.dimensions.ai/details/publication/pub.1038350402 |
| 84 | ″ | ″ | https://doi.org/10.1007/3-540-36563-x_26 |
| 85 | ″ | schema:sdDatePublished | 2022-05-10T10:56 |
| 86 | ″ | schema:sdLicense | https://scigraph.springernature.com/explorer/license/ |
| 87 | ″ | schema:sdPublisher | Nfa2d70de0ba3432f84c3b3fafc84e5ba |
| 88 | ″ | schema:url | https://doi.org/10.1007/3-540-36563-x_26 |
| 89 | ″ | sgo:license | sg:explorer/license/ |
| 90 | ″ | sgo:sdDataset | chapters |
| 91 | ″ | rdf:type | schema:Chapter |
| 92 | N447f6373157e43faae9c2b1911892965 | rdf:first | sg:person.015473523512.58 |
| 93 | ″ | rdf:rest | rdf:nil |
| 94 | N71da402338f44fd99dd8feb0d4a71d1c | schema:isbn | 978-3-540-00847-7 |
| 95 | ″ | ″ | 978-3-540-36563-1 |
| 96 | ″ | schema:name | Topics in Cryptology — CT-RSA 2003 |
| 97 | ″ | rdf:type | schema:Book |
| 98 | N7dff5605e2f147a5b6746523658f6d4d | schema:name | dimensions_id |
| 99 | ″ | schema:value | pub.1038350402 |
| 100 | ″ | rdf:type | schema:PropertyValue |
| 101 | N8adcacf209634620a1909602e0f59cfc | schema:name | Springer Nature |
| 102 | ″ | rdf:type | schema:Organisation |
| 103 | Na90dce26b48b4bc985447f3b226d6f0a | rdf:first | sg:person.014344574541.81 |
| 104 | ″ | rdf:rest | Ne34e0df02175411f8cd7b463160c0f9c |
| 105 | Naeaa929ca2b04a38982cfd789712becb | rdf:first | sg:person.013573255563.35 |
| 106 | ″ | rdf:rest | Na90dce26b48b4bc985447f3b226d6f0a |
| 107 | Nbb98bff9ed3a44c79c64a784412bd941 | rdf:first | Nf6f12eef07f74877910b32722bae0cc9 |
| 108 | ″ | rdf:rest | rdf:nil |
| 109 | Ne313a38dc4f04e0d8d55528c5b163901 | schema:name | doi |
| 110 | ″ | schema:value | 10.1007/3-540-36563-x_26 |
| 111 | ″ | rdf:type | schema:PropertyValue |
| 112 | Ne34e0df02175411f8cd7b463160c0f9c | rdf:first | sg:person.013004021661.30 |
| 113 | ″ | rdf:rest | N447f6373157e43faae9c2b1911892965 |
| 114 | Nf6f12eef07f74877910b32722bae0cc9 | schema:familyName | Joye |
| 115 | ″ | schema:givenName | Marc |
| 116 | ″ | rdf:type | schema:Person |
| 117 | Nfa2d70de0ba3432f84c3b3fafc84e5ba | schema:name | Springer Nature - SN SciGraph project |
| 118 | ″ | rdf:type | schema:Organization |
| 119 | anzsrc-for:08 | schema:inDefinedTermSet | anzsrc-for: |
| 120 | ″ | schema:name | Information and Computing Sciences |
| 121 | ″ | rdf:type | schema:DefinedTerm |
| 122 | anzsrc-for:0804 | schema:inDefinedTermSet | anzsrc-for: |
| 123 | ″ | schema:name | Data Format |
| 124 | ″ | rdf:type | schema:DefinedTerm |
| 125 | sg:person.013004021661.30 | schema:affiliation | grid-institutes:None |
| 126 | ″ | schema:familyName | Krawczyk |
| 127 | ″ | schema:givenName | Hugo |
| 128 | ″ | schema:sameAs | https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013004021661.30 |
| 129 | ″ | rdf:type | schema:Person |
| 130 | sg:person.013573255563.35 | schema:affiliation | grid-institutes:None |
| 131 | ″ | schema:familyName | Gennaro |
| 132 | ″ | schema:givenName | Rosario |
| 133 | ″ | schema:sameAs | https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013573255563.35 |
| 134 | ″ | rdf:type | schema:Person |
| 135 | sg:person.014344574541.81 | schema:affiliation | grid-institutes:grid.168010.e |
| 136 | ″ | schema:familyName | Jarecki |
| 137 | ″ | schema:givenName | Stanislaw |
| 138 | ″ | schema:sameAs | https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014344574541.81 |
| 139 | ″ | rdf:type | schema:Person |
| 140 | sg:person.015473523512.58 | schema:affiliation | grid-institutes:None |
| 141 | ″ | schema:familyName | Rabin |
| 142 | ″ | schema:givenName | Tal |
| 143 | ″ | schema:sameAs | https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015473523512.58 |
| 144 | ″ | rdf:type | schema:Person |
| 145 | grid-institutes:None | schema:alternateName | IBM T.J.Watson Research, USA |
| 146 | ″ | schema:name | IBM T.J.Watson Research, USA |
| 147 | ″ | rdf:type | schema:Organization |
| 148 | grid-institutes:grid.168010.e | schema:alternateName | Stanford University, USA |
| 149 | ″ | schema:name | Stanford University, USA |
| 150 | ″ | rdf:type | schema:Organization |