The videos of the presentations will be made available soon.
The MPTS2020 workshop is intended as an informal consultation step about the development of criteria for evaluating multi-party threshold schemes for the cryptographic primitives identified in NISTIR 8214A. The organizers are asking the community of stakeholders to participate by providing examples, suggestions and recommendations for the multi-party track of the standardization process considered by the NIST Threshold Cryptography (TC) project. The collected feedback will be taken into consideration in the development process.
Primitives (see NISTIR 8214A, Section 4.1): 1. RSA signing; 2. RSA decryption; 3. RSA key generation; 4. EdDSA signing; 5. ECDSA signing; 6. ECC-CDH primitive; 7. Keygen for ECC; 8. AES enciphering/deciphering
Some related topics (see NISTIR 8214A, Section 5): 1. Configurability (threshold numbers, ...); 2. Practical feasibility; 3. Security models; 4. Security properties; 5. Gadgets and modularity; 6. Validation suitability.
The Threshold Cryptography (TC) project at the National Institute of Standards and Technology (NIST) is exploring the potential for standardization of threshold schemes for cryptographic primitives. The goal of the multi-party track (see NISTIR 8214A) is to enable the distributed execution of key-based primitives when the keys are secret-shared across multiple parties. By applying a threshold scheme, the confidentiality of the original key is preserved even if some threshold number of parties are compromised. A threshold property can also extend to other security aspects,such as integrity and availability of the operation.
The current focus of the project is on devising criteria for evaluation of threshold schemes that may be proposed in the future for consideration in the TC multi-party track. To develop such criteria, it is essential to obtain meaningful and timely feedback from expert stakeholders. The NIST Workshop on Multi-Party Threshold Schemes (MPTS 2020) is organized as a step to enable the organizers to collect useful feedback from the community. The organizers ask the community to aim at recommendations that promote security, practicality and interoperability, under the umbrella of improving best practices and fostering innovation, within the scope of standardization.
Workshop structure. MPTS 2020 will be a virtual workshop. The presentations and comments will be recorded and made publicly available after the event. The workshop will last three days,with up to four hours per day. The program will be based on two types of contributions:
We invite the community of stakeholders to participate in the workshop and share their views on threshold schemes for the multi-party track of NISTIR 8214A, and give recommendations on criteria for their standardization. We will publish the collected feedback after the workshop.
Content scope. This workshop and the multi-party track of the TC project cover the cryptographic primitives highlighted in Section 4.1 of NISTIR 8214A. The organizers are interested in characterizing potential threshold schemes with respect to the features in Section 5 of NISTIR 81214A. See also the Sections 2.3--2.5, 6.1 and 7.2.
Disclaimer (standards). The use of the words "standards" and "standardization" in the TC project does not imply a goal of producing new Federal Information Processing Standards (FIPS) publications. For example, the final products may include Recommendations or implementation guidelines to be incorporated in other documentation, such as (but not necessarily) Special Publications in Computer Security (SP 800).
(Note: Statistics updated on 2020-Nov-9. Identified duplicates were not counted.)
Overall workshop registrations (including all speakers): 292 individuals (includes 20 from NIST), across 40+ countries.
Webex registrations (including panelists/hosts) per event: 162 in 1st day: 158 in 2nd day; 140 in 3rd day.
Speakers (19) of invited talks: Berry Schoenmakers, Ivan Damgård, Tal Rabin, Nigel Smart, Chelsea Komlo, Yehuda Lindell, Ran Canetti, Yuval Ishai, Emmanuela Orsini, Peter Scholl, Vladimir Kolesnikov, Xiao Wang, Jean-Philippe Aumasson, Omer Shlomovits, Kris Shrishak, Nikolaos Makriyannis, Schuyler Rosefield, Muthu Venkitasubramaniam, Marcella Hastings.
Speakers (11) of accepted briefs: Yashvanth Kondi, Akira Takahashi, Jan Willemson, Saikrishna Badrinarayanan, Xiao Wang, Jakob Pagter, Phillip Hallam-Baker, Ronald Tse, Frank Wiener, Damian Straszak, Jack Doerner.
Session chairs (5): Luís Brandão, Michael Davidson, Dustin Moody, René Peralta, Apostol Vassilev.
Workshop/program chair (1): Luís Brandão.
(Each listing of names follows the order of the corresponding talks/briefs/sessions at the workshop.)
Thanks to Donal Whitfield for explaining, prior to the workshop, the workings of the video-conference platform.
Statistics based on answers provided in the workshop registration form
Registrations per country 292 registrations across 40+ countries. The USA count includes 20 from NIST. |
Familiarity with NISTIR 8214A Yes: 122; No: 164; N/A: 6 |
In which primitives are you most interested in? (Multiple answers allowed; answers not mandatory) |
What threshold-related topics are of most interest to you? (Multiple answers allowed; answers not mandatory) |
There are two needed (sequential) registrations for attendees:
Registration 1. Submit the workshop registration form:
https://docs.google.com/forms/d/e/1FAIpQLScY7P4HOG-GhaX5FiaP_DGudiwcyBIqk9cJRzXotCrCg79y-w/viewform
After someone reads your submitted form, you will receive (from a nist.gov email) a "registration password" for the Webex events, as well as the Webex event password.
Registration 2. Apply for a Webex Registration ID for each day of the event:
https://nist-secure.webex.com/nist-secure/onstage/g.php?PRID=a6b80f9da4bda97b06dbaf47a2f6fe4f
The workshop occurs as three Webex virtual events (one per day of the workshop). To connect as an attendee in each event day, first register (with Webex) your email address for the event. You will then receive an email from Webex with a "registration " id, which you'll need (along with the event password, received in step 1) to login to the virtual event.
Note: If you are a presenter, your role in the webex event will be as "Panelist", instead of "Attendee". In such case you will receive different instructions by email.
To submit a proposed "brief", please email workshop-MPTS-2020@nist.gov, preferably by September 30 (phase 1) or October 28 (phase 2):
Use email subject "MPTS2020 brief: "
Include the contact details of the speaker.
Virtual workshop
For questions or comments related to the workshop, please send an email to "workshop-MPTS-2020 at nist.gov"
Please check the Workshop Program (PDF file) for further details: bios of talks' speakers; abstracts; collaborators.
Session 1a (talks). Session chair: Luís Brandão.
09:15--10:00: Talk 1a1: Let’s talk about multi-party threshold schemes. Luís Brandão (NIST)
10:00--10:25: Talk 1a2: Publicly Verifiable Secret Sharing and Its Use in Threshold Cryptography. Berry Schoenmakers (TU Eindhoven)
10:25--10:50: Talk 1a3: Optimizing honest majority threshold cryptosystems. Ivan Damgård (Aarhus University)
10:50--11:05: Break
Session 1b (talks). Session chair: Michael Davidson.
11:05--11:30: Talk 1b1: You Only Speak Once – Secure MPC with Stateless Ephemeral Roles. Tal Rabin (Algorand Foundation)
11:30--11:55: Talk 1b2: Thresholdizing DSA, Schnorr, EdDSA, HashEdDSA, .... Nigel Smart (KU Leuven)
11:55--12:20: Talk 1b3: FROST: Flexible Round-Optimized Schnorr Threshold Signatures and Extensibility to EdDSA. Chelsea Komlo (University of Waterloo)
12:20--12:30: Break
Session 1c (briefs): Session chair: Dustin Moody.
12:30--12:36: Brief 1c1: Threshold Schnorr with Stateless Deterministic Signing. Yashvanth Kondi (Northeastern University)
12:36--12:42: Brief 1c2: Lattice-based Distributed Signing Protocols from the Fiat-Shamir with Aborts Paradigm. Akira Takahashi (Aarhus University)
12:42--12:48: Brief 1c3: On the need for threshold post-quantum (signature) schemes. Jan Willemson (Cybernetica)
12:48--12:54: Brief 1c4: BETA: Biometric Enabled Threshold Authentication. Saikrishna Badrinarayanan (Visa Research)
09:15--09:35: Virtual arrival
Session 2a (talks): Session chair: Luís Brandão.
09:35--10:00: Talk 2a1: Settings and Considerations for Standardizing Multi-Party Threshold Schemes. Yehuda Lindell (Unbound Tech; Bar-Ilan University)
10:00--10:25: Talk 2a2: Standardizing Security: The case of threshold cryptography. Ran Canetti (Boston University)
10:25--10:50: Talk 2a3: Pseudorandom Correlation Generators: Secure Computation with Silent Preprocessing. Yuval Ishai (Technion)
10:50--11:05: Break
Session 2b (talks): Session chair: Rene Peralta.
11:05--11:30: Talk 2b1: Efficient Actively Secure OT Extension: 5 Years Later. Emmanuela Orsini (KU Leuven) & Peter Scholl (Aarhus University)
11:30--11:55: Talk 2b2: Let’s Standardize Garbled Circuits!. Vladimir Kolesnikov (Georgia Tech)
11:55--12:20: Talk 2b3: Global-Scale Threshold AES (and SHA256). Xiao Wang (Northeastern University)
12:20--12:30: Break
Session 2c (briefs): Session chair: Apostol Vassilev.
12:30--12:36: Brief 2c1: Better Concrete Security for Half-Gates Garbling (in the Multi-Instance Setting). Xiao Wang (Northeastern University)
12:36--12:42: Brief 2c2: MPC-based key management – using threshold trust to address different threat models. Jakob Pagter (Sepior)
12:42--12:48: Brief 2c3: Towards a Threshold Key Infrastructure. Phillip Hallam-Baker (Threshold Secrets)
12:48--12:54: Brief 2c4: Confium: an open source framework to support threshold cryptography standardization. Ronald Tse (Ribose)
12:54--13:00: Brief 2c5: The MPC Alliance (MPCA), Status and Roadmap. Frank Wiener (MPC Alliance)
09:15--09:35: Virtual arrival
Session 3a (talks): Session chair: Apostol Vassilev.
09:35--10:00: Talk 3a1: Attacks to deployed threshold signatures. Jean-Philippe Aumasson (ZenGo) and Omer Shlomovits (Taurus)
10:00--10:25: Talk 3a2: Securing DNSSEC Keys via Threshold ECDSA from generic MPC. Kris Shrishak (TU Darmstadt)
10:25--10:50: Talk 3a3: UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts. Nikolaos Makriyannis (Fireblocks)
10:50--11:05: Break
Session 3b (talks): Session chair: Rene Peralta.
11:05--11:30: Talk 3b1: Multiparty Generation of an RSA Modulus. Schuyler Rosefield (Northeastern University)
11:30--11:55: Talk 3b2: Scaling Distributed RSA Modulus Generation with a Dishonest Majority. Muthu Venkitasubramaniam (Ligero; University of Rochsters)
11:55--12:20: Talk 3b3: How MPC Frameworks Use Threshold Cryptography. Marcella Hastings (University of Pennsylvania)
12:20--12:30: Break
Session 3c (briefs): Session chair: Luís Brandão.
12:30--12:36: Brief 3c1: Robustness for Dishonest Majority in Threshold ECDSA. Damian Straszak (Cardinal Cryptography)
12:36--12:42: Brief 3c2: A Multiparty Computation Approach to Threshold ECDSA. Jack Doerner (Northeastern University)
Each talk is scheduled for 25 min (~20 min monologue + ~5 min Q&A).
Each brief is scheduled for 6 min (5 min talk, plus 1 min transition).
(Schedule details updated on November 20, 2020)
Selected Presentations | |
---|---|
November 6, 2020 | Type |
12:42 PM
MPTS 2020 Final Comments Luís T. A. N. Brandão - NIST/Strativia |
Presentation |
12:36 PM
A Multiparty Computation Approach to Threshold ECDSA Jack Doerner - Northeastern University |
Presentation |
12:30 PM
Robustness for Dishonest Majority in Threshold ECDSA Damian Straszak - Cardinal Cryptography |
Presentation |
11:55 AM
How MPC Frameworks Use Threshold Cryptography Marcella Hastings - University of Pennsylvania |
Presentation |
11:30 AM
Scaling Distributed RSA Modulus Generation with a Dishonest Majority Muthu Venkitasubramaniam - Ligero, Inc. and University of Rochester |
Presentation |
11:05 AM
Multiparty Generation of an RSA Modulus Schuyler Rosefield - Northeastern University |
Presentation |
10:25 AM
UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts Nikolaos Makriyannis - Fireblocks |
Presentation |
10:00 AM
Securing DNSSEC Keys via Threshold ECDSA from generic MPC Kris Shrishak - TU Darmstadt |
Presentation |
9:35 AM
Attacks to deployed threshold signatures Jean-Phillippe Aumasson - ZenGo Omer Shlomovitz - Taurus |
Presentation |
November 5, 2020 | Type |
12:54 PM
The MPC Alliance (MPCA), Status and Roadmap Frank Wiener - Sepior |
Presentation |
12:48 PM
Confium: an open source framework to support threshold cryptography standardization Ronald Tse - Ribose |
Presentation |
12:42 PM
Towards a Threshold Key Infrastructure Phillip Hallam-Baker - Comodo |
Presentation |
12:36 PM
MPC-based key management – Using threshold trust to address different threat models Jakob Pagter - Sepior |
Presentation |
12:30 PM
Better Concrete Security for Half-Gates Garbling (in the Multi-Instance Setting) Xiao Wang - Northwestern University |
Presentation |
11:55 AM
Global-Scale Threshold AES (and SHA256) Xiao Wang - Northwestern University |
Presentation |
11:30 AM
Let’s Standardize Garbled Circuits! Vladimir Kolesnikov - Georgia Tech |
Presentation |
11:05 AM
Efficient Actively Secure OT Extension: 5 Years Later Emmanuela Orsini - KU Leuven Peter Scholl - Aarhus University |
Presentation |
10:25 AM
Pseudorandom Correlation Generators: Secure Computation with Silent Preprocessing Yuval Ishai - Technion |
Presentation |
10:00 AM
Standardizing Security: The case of threshold cryptography Ran Canetti - Boston University |
Presentation |
9:35 AM
Settings and Considerations for Standardizing Multi-Party Threshold Schemes Yehuda Lindell - Unbound Tech and BIU |
Presentation |
November 4, 2020 | Type |
12:48 PM
Brief 1c4: BETA: Biometric Enabled Threshold Authentication Saikrishna Badrinarayanan - Visa Research |
Presentation |
12:42 PM
On the need for threshold post-quantum (signature) schemesSpeaker: Jan Willemson Jan Willemson - Cybernetica |
Presentation |
12:36 PM
Lattice-based Distributed Signing Protocols from the Fiat–Shamir with Aborts Paradigm Akira Takahashi - Aarhus University |
Presentation |
12:30 PM
Threshold Schnorr with Stateless Deterministic Signing Yashvanth Kondi - Northeastern University |
Presentation |
11:55 AM
FROST: Flexible Round-Optimized Schnorr Threshold Signatures and Extensibility to EdDSA Chelsea Komlo - University of Waterloo and Zcash Foundation |
Presentation |
11:30 AM
Thresholdizing DSA, Schnorr, EdDSA, HashEdDSA, ... Nigel Smart - KU Leuven |
Presentation |
11:05 AM
You Only Speak Once – Secure MPC with Stateless Ephemeral Roles Tal Rabin - Algorand Foundation |
Presentation |
10:25 AM
Optimizing honest majority threshold cryptosystems Ivan Damgård - Aarhus University |
Presentation |
10:00 AM
Publicly Verifiable Secret Sharing and Its Use in Threshold Cryptography Berry Schoenmakers - Eindhoven University of Technology |
Presentation |
9:35 AM
Let’s talk about multi-party threshold schemes Luís T. A. N. Brandão - NIST/Strativia |
Presentation |
Starts: November 04, 2020 - 09:30 AM EST
Ends: November 06, 2020 - 01:00 PM EST
November 4--6, 2020, 9:30am--1pm EST
Format: Virtual Type: Workshop
Attendance Type: Open to public
Audience Type: Industry,Government,Academia,Other