NIST announces the release of Draft NISTIR 8214, Threshold Schemes for Cryptographic Primitives. This publication provides a high-level overview of the possibilities that threshold schemes bring for enhancing the robustness of cryptographic primitive implementations. With its release, NIST also intends to initiate a discussion about the standardization of threshold schemes.

The goal of this document is to help readers understand the challenges and opportunities offered by threshold cryptography, typically as a tradeoff between different security properties desired in implementations of cryptographic primitives (e.g., signatures, encryption). Draft NISTIR 8214 also considers the implications of potential standardization for the validation and use of practical implementations of threshold cryptographic schemes.

• Section 1 introduces the threshold approach as an option for addressing the problem of having a single point of failure in implementations of cryptographic primitives.

• Section 2 describes fundamental concepts, such as secret sharing and re-sharing; side channels and fault attacks; and some helpful terminology.

• Section 3 provides examples of simple threshold cryptographic schemes.

• Section 4 motivates the need for models to evaluate the properties of threshold cryptographic schemes. These models describe goals and capabilities of adversaries, describe modes of interaction both within a threshold scheme and with the environment, and identify tradeoffs between diverse security properties.

• Section 5 introduces a set of characterizing features of threshold schemes, whose description serves as a baseline platform for comparison across schemes and for developing security assertions.

• Section 6 outlines the potential validation requirements for implementations of threshold cryptographic primitives, which would require developing guidelines for formulating and validating security assertions about implementations of threshold schemes.

• Section 7 poses representative questions to motivate a discussion about criteria for standardization of this technology.

• Section 8 concludes with a short summary and a call to engage with stakeholders throughout the steps towards standardization.

Your feedback is important to improve this publication. Each contributed review will be appreciated. Insightful comments from an international spectrum, including from public and private sectors, and from industrial and academic institutions, will help us shape this reference for discussion towards standardization and validation of threshold schemes that can enhance the security of implementations of cryptographic primitives.

The comment period ends October 22, 2018. Comments may be submitted to threshold-crypto@nist.gov with the Subject “Comments on Draft NISTIR 8214”.