Author:
Apostolos P. Fournaris
Affiliation:
University of Patras, Greece
Keyword(s):
Threshold Cryptography, Elliptic Curve Cryptography, Distributed system, Certificate Authority.
Related
Ontology
Subjects/Areas/Topics:
Information and Systems Security
;
Security in Distributed Systems
;
Security in Information Systems
;
Security Information Systems Architecture and Design and Security Patterns
Abstract:
Threshold cryptography offers an elegant approach in evenly sharing certificate responsibilities to all participants of a distributed system through Shamir’s secret sharing scheme, where a secret (the Certificate Authority’s (CA) private key) is split and shared among all participants. However, existing threshold cryptography distributed key generation and certification systems still rely on a single, centralized, trusted entity at some point during the certification process (usually during initialization) to split the secret and distribute it to all distributed system participants. This centralized entity, denoted as trusted dealer, can cancel participant equality and can become a single point of failure. In this paper, we deal with this problem by extending the a key generation scheme of Noack and Spitz (2009) and by proposing a certification scheme that has no need for a trusted dealer to create, split and distribute the proposed certification scheme’s private-public key pair. The
proposed scheme uses the participant addition-removal procedure described in (Noack and Spitz, 2009) that does not affect the scheme’s public key (used for certificate verification) and has small interference to the certification process as a whole. To reduce the computational cost the proposed system employs Elliptic Curve Cryptography (ECC) principles.
(More)