U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

Multi-Party Threshold Cryptography MPTC


The multiparty paradigm of threshold cryptography enables a secure distribution of trust in the operation of cryptographic primitives. This can apply, for example, to the operations of key generation, signing, encryption and decryption.

This project focuses on threshold schemes for cryptographic primitives: using a “secret sharing” mechanism, the secret key is split across multiple "parties", such that, even if some (up to a threshold f out of n) of these parties are corrupted, the key secrecy remains uncompromised, even during the cryptographic operation that depends on the key. This approach can be used to distribute trust across various operators, and is also useful to avoid various single-points of failure in the implementation.

The multi-party threshold cryptography project will consider devising guidelines and recommendations pertinent to threshold schemes that are interchangeable (in the sense of NISTIR 8214A, Section 2.4) with ECDSA signing, EdDSA signing, RSA signing and decryption, and AES encryption/decryption, and their respective distributed key-generation. For example, a signature produced by a threshold scheme should be verifiable by the same algorithm as used for conventional signatures.

In 2021, we are doing preparatory internal work to develop criteria related to future calls for contributions and standardization.

NISTIR on criteria. We are working on an upcoming NISTIR that will put forward concrete criteria for proposals of multi-party threshold schemes to be evaluated in the context of potential standardization. The publication of the draft (which will be open for public comments) is expected for the 4th quarter of 2021.

Call for feedback. While the expected draft NISTIR is being internally developed, we welcome anticipated focused feedback.

"Call 2021a" asks for comments (by September 13, 2021) on some of our thoughts on the following topics:

  • Scope of proposals

  • Security idealization

  • Security vs. adversary types

  • System model

  • Threshold profiles

  • Building blocks

The TC project has received useful community feedback about the multi-party threshold setting.

Feedback in NISTIR’s: The NIST reports on threshold schemes have benefited from public comments, as described in the diff of NISTIR 8214 and the diff of NISTIR 8214A.

Feedback in the workshops (NTCW 2019 and MPTS 2020):

  • Standardization setting: I1.2 (TC readiness), 2a1 (MPC settings), 2a2 (composability).

  • Threshold RSA keygen: 1a3 (honest majority threshold schemes).

  • Threshold ECDSA: [in 2019] I4.2, I.5.1 (a, b, c); [in 2021] 3a2, 3a3, 3c1, 3c2.

  • Threshold Schnorr/EdDSA: [in 2019] II4.; [in 2021] 1b2 (MPC-based EdDSA), 1b3 (prob. Schnorr), 1c1.

  • Threshold AES: 2b3.

  • Threshold RSA keygen: 3b1, 3b2.

  • Building blocks: garbled circuits (2b2, 2c1), OT (2b1), PCG (2a3), PVSS (1a2).

  • Platforms/frameworks/endeavors: I1.3, II4.3, 2c2, 2c3, 2c4, 2c5.

  • Implementation frameworks and attacks: 3a1 (attacks), 3b3 (frameworks).

  • Threshold post-quantum: I3.1, 1c2, 1c3.

  • Others applications/comments: II4.4, 1b1, 1c4.

  • Variants: II3.2, II4.2.

Legend of indices: For NTCW 2019, indices are Xyz, with X in {I, II} (day), y in {1,…,5} (session in the day), z in {1,2,3}. For MPTS 2020, indices are xyz, with x in {1,2,3} (day), y in {a,b,c} (session in the day), z in {1,…,5}.

Introductory presentations about the TC project can be found here: I1.1, 1a1

Per date: NISTIR 8214 Draft (July 2018); NISTIR 8214 (March 2019);  NTCW’19 (March 2019), Draft NISTIR 8214A (Nov 2019), NISTIR 8214A (July 2020), MPTS 2020 (Nov 2020).

Workshops: To access detailed material about the NIST-organized workshops, check the "Events" page.

  • November 46, 2020: The NIST Workshop on Multi-Party Threshold Schemes (MPTS) 2020, organized by the NIST Threshold Cryptography project, obtained feedback toward criteria for multi-party threshold schemes. Here is the preliminary announcement: PDF. The workshop, held virtually, included 17 invited talks and 11 accepted briefs.
  • March 1112, 2019: The NIST Threshold Cryptography Workshop (NTCW) 2019 took place at NIST, in Gaithersburg Maryland, USA, with experts from industry, academia, and government. The submission deadline was December 17, 2018.

NIST Internal Reports (NISTIR):

So far, the main publications in the project are in the form of NIST Internal Reports (NISTIR), elaborated internally at NIST and made publicly available for comments and consultation.

  • NISTIR 8214A: NIST Roadmap Toward Criteria for Threshold Schemes for Cryptographic Primitives.
    • Final version: Published in the CSRC on July 7, 2020.
    • Note: Initiated a discussion about the pertinence of considering the standardization of threshold schemes for cryptographic primitives.
    • Diff and public comments: The draft was open for public comments until February 10, 2020. The available "diff" highlights the changes between the draft and the final version and includes a table with the received comments.
    • Draft version: Published in the CSRC on November 8, 2019. (The title in the draft was "Towards NIST Standards for Threshold Schemes for Cryptographic Primitives: A Preliminary Roadmap". The title changed in the final version.)
  • NISTIR 8214: Threshold Schemes for Cryptographic Primitives: Challenges and Opportunities in Standardization and Validation of Threshold Cryptography.
    • Final version: Published in the CSRC on March 1, 2019.
    • Note: presents a structured approach for exploring the space of threshold schemes for potential standardization, across two tracks: multi-party and single-device.
    • Diff and public comments: The draft was open for public comments until October 22, 2018. The available "diff" highlights the changes between the draft and the final version and includes a table with the received comments.
    • Draft version: Published in the CSRC on July 26, 2019.

Collaboration: The project will drive an open and transparent standardization process based on established NIST principles. The process involves engaging with and incorporating feedback from the community of stakeholders, including researchers and practitioners in academia, industry and government. To receive announcements pertinent to collaboration with the Threshold Cryptography project, consider subscribing to the TC-forum.

Created July 26, 2018, Updated November 05, 2021