Threshold cryptosystem
Encyclopedia
In cryptography, a cryptosystem
is called a 'threshold cryptosystem', if in order to decrypt an encrypted message a number of parties exceeding a threshold is required to cooperate in the decryption protocol
. The message is encrypted using a public key and the corresponding private key is shared
among the participating parties. Let be the number of parties. Such a system is called (t,n)-threshold, if at least t of these parties can efficiently decrypt the ciphertext, while less than t have no useful information. Similarly it is possible to define (t,n)-threshold signature scheme
, where at least t parties are required for creating a signature.
Threshold versions of encryption schemes can be built for many public encryption schemes. The natural goal of such schemes is to be as secure as the original scheme. Such threshold versions have been defined for:
Cryptosystem
There are two different meanings of the word cryptosystem. One is used by the cryptographic community, while the other is the meaning understood by the public.- General meaning :...
is called a 'threshold cryptosystem', if in order to decrypt an encrypted message a number of parties exceeding a threshold is required to cooperate in the decryption protocol
Cryptographic protocol
A security protocol is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods.A protocol describes how the algorithms should be used...
. The message is encrypted using a public key and the corresponding private key is shared
Secret sharing
Secret sharing refers to method for distributing a secret amongst a group of participants, each of whom is allocated a share of the secret. The secret can be reconstructed only when a sufficient number of shares are combined together; individual shares are of no use on their own.More formally, in a...
among the participating parties. Let be the number of parties. Such a system is called (t,n)-threshold, if at least t of these parties can efficiently decrypt the ciphertext, while less than t have no useful information. Similarly it is possible to define (t,n)-threshold signature scheme
Digital signature
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit...
, where at least t parties are required for creating a signature.
Threshold versions of encryption schemes can be built for many public encryption schemes. The natural goal of such schemes is to be as secure as the original scheme. Such threshold versions have been defined for:
- RSA
- Pallier cryptosystem
- Damgård–Jurik cryptosystem
- El-Gamal
See also
- Secret sharingSecret sharingSecret sharing refers to method for distributing a secret amongst a group of participants, each of whom is allocated a share of the secret. The secret can be reconstructed only when a sufficient number of shares are combined together; individual shares are of no use on their own.More formally, in a...
- Threshold (disambiguation)
- Distributed key generationDistributed key generationFor some protocols no party should be in the sole possession of the secret key. Rather, during distributed key generation every party obtains a share of the key...
- Broadcast encryptionBroadcast encryptionBroadcast encryption is the cryptographic problem of encrypting broadcast content in such a way that only qualified users can decrypt the content. The challenge arises from the requirement that unsubscription of some users should not affect the remaining users...