U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)
Presentation

Securing DNSSEC Keys via Threshold ECDSA from generic MPC

November 6, 2020

Presenters

Kris Shrishak - TU Darmstadt

Description

Abstract: While prior work has shown that computing k^(-1) is the main challenge for threshold ECDSA and often resort to specialized protocols in order to obtain k^(-1), we show that out-of-the-box MPC suffices to compute a threshold ECDSA signature with essentially the same efficiency as the best existing schemes. To illustrate this generality, we implement our technique with all protocols supported by MP-SPDZ, allowing us to examine the trade-offs (in terms of efficiency) one has to make when choosing between different corruption models (malicious vs. semi-honest) and corruption thresholds (honest vs. dishonest majority). Our technique in particular shines in the preprocessing model, where one wants to make many signatures with the same key.

At the center of our protocol is a generic transformation of a secret-sharing scheme based on the following observation: Let G be a generator of group G of order p. Then, given an additive secret-sharing [x] over a field Zp, the value [x]G can be viewed as an additive secret-sharing over G. Notice that this transformation is entirely local. We achieve active security for the protocol over G using regular SPDZ type MACs. If the base Zp protocol is secured with SPDZ MACs, then the G protocol is secure as well, using the same MACs. Key generation, which has been costly in prior works, is simply generating a sharing of random element [x], converting it to a sharing of [xG] and opening it towards everyone to get the public key.

We use our threshold ECDSA protocol to secure DNSSEC keys. Very few domain owners run their own authoritative name servers and zone management is outsourced to DNS operators. Although outsourcing provides benefits such as increased availability of zones and fewer misconfigurations, several issues related to key management arise when DNSSEC is used. These issues extend from the domain owner relinquishing control of private keys to the DNS operator reusing keys for thousands of domains to the possibility of domain takedown by governments. We show how private keys can be secured in the outsourced DNS setting through threshold ECDSA.

Presented at

NIST Workshop on Multi-Party Threshold Schemes (MPTS) 2020. https://csrc.nist.rip/events/2020/mpts2020

Based on joint work with Anders Dalskov, Marcel Keller, Claudio Orlandi and Haya Shulman.

 

Event Details

Location

    
                            

Related Topics

Security and Privacy: cryptography

Created May 04, 2021, Updated June 07, 2021