Building Threshold Cryptosystems over a SMR/Blockchain channel

Many contemporary threshold cryptographic proposals leverage blockchains as broadcast channels. However, blockchains (i.e., state machine replication (SMR) systems) only ensure that any two honest parties store the same prefix of messages in their logs. This makes SMR unsuitable as true broadcast channels. Indeed, an adversary can force an honest sender's message to not appear on a blockchain in time unless for an exorbitant broadcast time-out value.

In this talk, we advocate an alternative-but-natural design approach for building threshold cryptosystems in practice. Thanks to tremendous growth in the SMR/blockchain space in the last decade, we now have SMR solutions that offer sub-second level latency and throughput above 100K msg/sec. We propose to employ these extensively available blockchains for building threshold cryptography solutions; however, we treat them as SMRs and not as broadcast channels. In the talk, we will first focus on a key gadget/primitive that is highly suitable for this setting: non-interactive (publicly verifiable) secret sharing (PVSS). We will demonstrate how the PVSS and SMR combination allows us to develop a distributed key generation setup for ECDSA, EdDSA/Schnorr, and BLS signatures. While building threshold BLS signatures will be straightforward in this setup, we will need secure multi-party computation (MPC) capability for threshold ECDSA/EdDSA signatures. In the talk, we will then present how to build these solutions using threshold additive-homomorphic encryption as a gadget along with  PVSS and SMR for MPC. Finally, we will discuss solutions and challenges towards converting any broadcast-based threshold cryptosystem to one using an SMR.

[Slides]