A trusted authority, in some form, is essential for many secure systems. However, this requirement always leads to the liveness-related issue of single point of failure and sometimes to the more undesirable security issue of key escrow. Resolving these two issues is of paramount importance while designing secure systems for use over the Internet where denial-of-service attacks and malicious entities are widespread. Although distributed cryptography has emerged as a natural choice to mitigate these problems, the cryptography literature largely has failed to provide protocols suitable for the Internet. Namely, the aspects related to the practicality of these protocols have been largely ignored and usable implementations for most of the distributed cryptographic primitives are not yet available. This need for practical distributed cryptographic protocols motivated most us towards this work on distributed key generation (DKG).
In essence, an (n,t)-DKG protocol allows a set of n nodes to collectively generate a secret with its shares spread over the nodes such that any subset of size greater than a threshold t can reveal or use the shared secret, while smaller subsets do not have any knowledge about it. Unlike the original Shamir secret sharing schemes, where a dealer generates a secret and distributes its shares among the nodes, DKG requires no trusted party.
DKG is a fundamental building block of distributed cryptography, distributed pseudo-random functions and many other distributed computing primitives. It is a prominent example of a well-studied cryptographic protocol that lacks a practical design and implementation.
This software is the first realistic Distributed Key Generator (DKG) implementation for use over the Internet. We have tested it extensively on the PlanetLab platform.
Our paper describing the protocol:
Distributed Key Generation in the Wild. Aniket Kate, Yizhou Huang and Ian Goldberg, ePrint 2012/377, July 2012.
This is an extended version of our conference publication:
Distributed Key Generation for the Internet. Aniket Kate, Ian Goldberg, 29th International Conference on Distributed Computing Systems, June 2009.
This software is covered by the GPL license.
CONTACT: Andy Huang (y226huan@cs.uwaterloo.ca)