U.S. flag   An unofficial archive of your favorite United States government website
This is an archive
(replace .gov by .rip)

Threshold Cryptography TC

Project Overview

This project focuses on threshold schemes for cryptographic primitives, which have a potential for strengthening the secrecy of cryptographic keys, as well as enhancing integrity and availability of implemented primitives. The project will drive an open and transparent standardization process based on established NIST principles. The process involves engaging with and incorporating feedback from the community of stakeholders, including researchers and practitioners in academia, industry and government.

As defined in NISTIR 8214A, the project has two main tracks: Multi-Party and Single Device.

Current step (1st semester of 2021): For each track, the threshold cryptography team is currently performing internal work related to developing criteria for future interactions related to calls for contributions and standardization.

Next step (2nd semester of 2021): TBA. We plan to post updates and engage in new public discussions in the second semester of 2021. The discussions will be separate per track.

To access detailed material about the NIST-organized workshops, check the "Events" page.

So far, the main publications in the project are in the form of NIST Internal Reports (NISTIR), elaborated internally at NIST and made publicly available for comments and consultation.

NISTIR 8214 Initiated a discussion about the pertinence of considering the standardization of threshold schemes for cryptographic primitives.

NISTIR 8214A presents a structured approach for exploring the space of threshold schemes for potential standardization, across two tracks: multi-party and single-device.

  • NISTIR 8214A: NIST Roadmap Toward Criteria for Threshold Schemes for Cryptographic Primitives.
    • Final version: Published in the CSRC on July 7, 2020.
    • Diff and public comments: The draft was open for public comments until February 10, 2020. The available "diff" highlights the changes between the draft and the final version and includes a table with the received comments.
    • Draft version: Published in the CSRC on November 8, 2019. (The title in the draft was "Towards NIST Standards for Threshold Schemes for Cryptographic Primitives: A Preliminary Roadmap". The title changed in the final version.)
  • NISTIR 8214: Threshold Schemes for Cryptographic Primitives: Challenges and Opportunities in Standardization and Validation of Threshold Cryptography.
    • Final version: Published in the CSRC on March 1, 2019.
    • Diff and public comments: The draft was open for public comments until October 22, 2018. The available "diff" highlights the changes between the draft and the final version and includes a table with the received comments.
    • Draft version: Published in the CSRC on July 26, 2019.

The Computer Security Division (CSD) at the National Institute of Standards and Technology (NIST) is interested in promoting the security of implementations and operation of cryptographic primitives. This security depends not only on the theoretical properties of the primitives but also on the ability to withstand attacks on their implementations and operations. It is thus important to mitigate breakdowns that result from differences between ideal and real implementations of cryptographic algorithms, and to enable distribution of trust across operators. Once criteria are in place, the selection and standardization of concrete schemes should include considerations for the applicable validation methodologies.

At a basic level, secret sharing enables splitting a secret key into two or more "shares" across different components or parties, such that the compromise of one (or more, but not all) of the shares does not reveal information about the original key. Using appropriate threshold techniques, the shares can then be separately processed, leading the computation to a correct result as if the original secret key had been processed by a classic algorithm. The security of the operation can be guaranteed even if up to a threshold number f of components has been compromised. This includes providing resistance against side-channel attacks, which exploit inadvertent leakage from real implementations. The threshold approach can thus significantly strengthen the confidentiality of secret keys in cryptographic implementations. Areas of relevant related research include secure multi-party computation, intrusion tolerant distributed systems, and threshold circuit design.

Collaboration: To collaborate with us or to just receive announcements from NIST regarding the Threshold Cryptography project, please check our Collaboration page.
Created July 26, 2018, Updated May 05, 2021