Threshold Schemes for Cryptographic Modules (G13c)
Co-authors: Luís T.A.N. Brandão, Michael Davidson, Apostol Vassilev
NIST is moving towards the standardization of threshold schemes for cryptographic primitives. The roadmap for this endeavor has two main tracks: single-device and multi-party. Both settings are relevant for the development of cryptographic modules. As a single device, a cryptographic module can potentially be designed with an internal threshold circuit design to enhance resistance against side-channel and/or fault attacks. For multi-party interactions, each party can be instantiated as a cryptographic module, holding a share of a secret key, and operating in a protocol that enables producing a cryptographic output (e.g., signature, decryption, encryption) without having to reconstruct the original secret key. Our roadmap tries to incorporate test and validation requirements into the criteria for selecting proposals for standardization. This talk will provide an update on the NIST Threshold Cryptography project, with an emphasis on its preliminary roadmap (NISTIR 8214A) and the corresponding public comments. We also take this as an opportunity to engage with the community of stakeholders and receive further feedback.