Date Published: November 2019
Author(s)
Luís T. A. N. Brandão (NIST), Michael Davidson (NIST), Apostol Vassilev (NIST)
Announcement
This publication puts forward a preliminary roadmap towards the standardization of threshold schemes for cryptographic primitives. The document presents a structured approach for exploring the space of threshold schemes for potential standardization. It also discusses the need to take into account the security, configurability, modularity and capability for validation as features characterizing the schemes. The standardization process is organized into two main tracks (single-device and multi-party), and in each track the threshold schemes may range from simple to complex, in terms of standardization difficulty. With this draft, NIST is soliciting feedback from a broad audience, to aid the development of the roadmap for standardization of threshold schemes for approved cryptographic primitives.
Organization: Section 1 provides an introduction to the envisioned standardization effort. Section 2 outlines a mapping of the potential standardization space, into specification levels of domains, primitives and threshold modes. Section 3 considers application motivations for threshold schemes. Section 4 discusses concrete primitives and threshold modes of interest in the multi-party and in the single-device domains. Section 5 emphasizes several features whose consideration is required when specifying criteria for concrete items. Section 6 discusses the generic phases of development towards new standards. Section 7 proposes and motivates high-level aspects of criteria and calls for contributions from stakeholders. Appendix A describes examples of motivating applications.
NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
This document proposes a preliminary roadmap for the standardization of threshold schemes for cryptographic primitives by the National Institute of Standards and Technology (NIST). To cover the large diversity of possible threshold schemes, as identified in the NIST Internal Report (NISTIR) 8214, we tackle them in a structured way. We consider two main tracks — single-device and multi-party — and within each of them we consider cryptographic primitives in several possible threshold modes. The potential for real-world applications is taken as an important motivating factor differentiating the pertinence of each possible threshold scheme. Also, the standardization of threshold schemes needs to consider features such as configurability of parameters, advanced security properties, testing and validation, granularity (e.g., gadgets vs. composites) and specification detail. Overall, the organization put forward enables us to solicit feedback useful to consider a variety of threshold schemes, while at the same time considering differentiated standardization paths and timelines, namely depending on different levels of technical and standardization challenges. This approach paves the way for an effective engagement with the community of stakeholders and a preparation for devising criteria for standardization and subsequent calls for contributions.
Keywords
threshold schemes; secure implementations; cryptographic primitives; threshold cryptography; secure multi-party computation; intrusion tolerance; distributed systems; resistance to side-channel attacks; standards and validation
Control Families
None selected