Cryptography is the foundation of secure systems and applications. One crucial assumption on which cryptography rests is the availability and secrecy of cryptographic keys. For example, to digitally sign a message, one must have access to one's private key, and at the same time that private key must be kept secret from an adversary in order to prevent signature forgery. In practice, however, the assumption of availability and secrecy of keys is often invalid. Traditionally, keys are stored centrally (e.g., on a single server or a networked device), which creates a single point of failure (violating the availability assumption) and a single point of attack (violating the secrecy assumption). Since most traditional security and cryptographic services (such as those based on Kerberos) are centralized in nature, security can hardly be guaranteed in practice. On the other hand, in certain distributed applications, such as mobile ad hoc networks (MANETs) and peer-to-peer (P2P) systems, a central authority might not exist at all, and therefore administering traditional cryptographic services might not be possible.
Threshold cryptography is a tool that allows the keys and the cryptographic operations on them to be distributed among multiple nodes, providing improved availability and secrecy. For example, a (t + 1, n) threshold signature scheme enables any subgroup of t + 1 nodes in a system of n > t nodes to collaboratively sign a message on behalf of that system, while up to t corrupted or malicious nodes learn nothing about the key and cannot forge a signature. Proactive cryptography offers stronger resilience than threshold cryptography alone by periodically refreshing the nodes' secret shares, so that an adversary must compromise t + 1 nodes within a single refresh period rather than over the lifetime of the key.
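The key-sharing layer that a (t + 1, n) threshold scheme is built on, together with one proactive refresh round, as an added example that is not code from the original page or from the toolkit it describes. It uses Shamir secret sharing over a prime field GF(P); the shared integer stands in for a private signing key, and the constant P, the function names and the field size are assumptions of this example. In a real threshold signature scheme the key is never reconstructed at a single node (each node produces a partial signature from its share); reconstruction is used here only to verify that the shares are consistent and that the threshold actually holds.

```python
"""Shamir (t+1, n) secret sharing with a dealer-free proactive refresh round.

Added illustration, not the page's own code. Arithmetic is over GF(P); the
'secret' stands in for a private signing key. Reconstruction is only a check:
a real threshold signer never rebuilds the key at one node.
"""
import secrets

P = (1 << 127) - 1  # Mersenne prime 2^127 - 1, chosen here as a toy field modulus


def _poly_eval(coeffs, x):
    """Evaluate the polynomial with coefficients [c0, c1, ...] at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split(secret, t, n, rand_below=secrets.randbelow):
    """Deal n shares of `secret`; any t+1 shares determine it, any t reveal nothing.

    f(x) = secret + c1*x + ... + ct*x^t with random ci; node i's share is (i, f(i)).
    """
    if not (0 <= secret < P and 0 <= t < n < P):
        raise ValueError("need 0 <= secret < P and 0 <= t < n < P")
    coeffs = [secret] + [rand_below(P) for _ in range(t)]
    return [(i, _poly_eval(coeffs, i)) for i in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange-interpolate f(0) from the given (x, y) points.

    With fewer than t+1 points this silently yields a wrong value, which is
    why the threshold must be enforced by the protocol, not by this function.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P  # den^-1 by Fermat
    return total


def refresh(shares, t, rand_below=secrets.randbelow):
    """One proactive refresh round without a trusted dealer.

    Every node k deals a random degree-t polynomial g_k with g_k(0) = 0 and
    sends g_k(i) to node i; node i's new share is y_i + sum_k g_k(i). The
    shared secret is unchanged, but old and new shares no longer interpolate
    together, so t shares stolen in one period are useless after the refresh.
    """
    n = len(shares)
    deltas = [0] * n
    for _ in range(n):  # each of the n nodes contributes one zero-sharing
        for idx, (_, z) in enumerate(split(0, t, n, rand_below)):
            deltas[idx] = (deltas[idx] + z) % P
    return [(x, (y + d) % P) for (x, y), d in zip(shares, deltas)]


def demo(secret=0x12345678, t=2, n=5, rand_below=secrets.randbelow):
    """Exercise the scheme with a constructed secret; returns the checks as a dict."""
    old = split(secret, t, n, rand_below)
    new = refresh(old, t, rand_below)
    return {
        "any_t_plus_1_works": reconstruct(old[:3]) == secret
        and reconstruct(old[2:]) == secret
        and reconstruct([old[0], old[2], old[4]]) == secret,
        "t_shares_fail": reconstruct(old[:t]) != secret,
        "refresh_keeps_secret": reconstruct(new[:3]) == secret,
        "mixed_epochs_fail": reconstruct([new[0], old[1], old[2]]) != secret,
        "shares_changed": all(o[1] != m[1] for o, m in zip(old, new)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The `t_shares_fail` and `mixed_epochs_fail` checks pass with probability 1 - 1/P; they fail only if a random coefficient happens to be zero. Note also what the example does not do: it does not verify that a dealer's shares are consistent (that needs verifiable secret sharing, e.g. with polynomial commitments), and it does not protect the shares in transit during the refresh, both of which a deployable protocol must add.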
The focus of our research is on utilizing threshold and proactive cryptography for the purpose of:
- improved availability and resilience in traditional centralized security and cryptographic services, via “forced distribution,” and
- providing security services for inherently distributed applications, such as MANETs and P2P systems, where traditional centralized services are not applicable.
The primary motivation for this research is the realization of threshold cryptography in practice, bridging the gap between the theory and the practice of threshold cryptography. In spite of several years of research on threshold and proactive cryptography, and despite its well-accepted utility, a real-world deployment has not yet taken place, nor does one seem likely in the foreseeable future. This is perhaps due to the following reasons:
- To achieve "provable security," the designers of threshold cryptographic protocols often overlook application-oriented performance aspects, while application designers tend to neglect the provable-security aspects of the underlying protocols in an attempt to optimize performance. The result is protocols that are secure but prohibitively expensive to adopt in practice, or protocols that are efficient but insecure, and
- To the best of our knowledge, there is no open-source, general-purpose toolkit that implements a suite of threshold cryptographic protocols and that non-expert developers can easily use to build, and integrate with, applications of their choice.
Another compelling motivation behind this research is the protection of user-centric services. Today's computer users increasingly rely on cryptographic services (such as signed email), with the corresponding keys stored on their personal devices (desktops, laptops, PDAs). Since users' devices often fall prey to malware, which can expose the stored keys, there is a growing need for improved protection. Another important user-centric application that can be implemented in a fault-tolerant manner is remote password management.