Cryptographic Primitives
In Threshold Cryptography each cryptographic primitive can be implemented using different MPC protocols. Each protocol will have its own characteristics in terms of performance and the possible options for choosing t and n.
A TSM instance has a fixed choice of t and n, and depending on the choice of these parameters a different set of primitives may be available.
The (n,t)-choices column lists standard TSM configurations for the primitive in question. In many cases other choices are possible.
Notice that in some cases there is also an operational threshold, o, which specifies the number of nodes needed to execute an operation (beyond key generation) without reconstructing the underlying key. For further details please get in touch.
Primitive | Parameters | Operations | (n,t)-choices |
---|---|---|---|
AES-ECB | Key size 128 | Encrypt, Decrypt | (2,1), (3,1) |
AES-CBC | Key size 128 | Encrypt, Decrypt | (2,1), (3,1) |
AES-CMAC | Key size 128 | Sign, Verify | (2,1), (3,1) |
AES-GCM | Key size 128 | Encrypt, Decrypt | (2,1), (3,1) |
AES-CTR | Key size 128 | Encrypt, Decrypt | (2,1), (3,1) |
Blockdaemon Builder Vault Stream Cipher | Key size 128 | Encrypt, Decrypt | (2,1), (3,1) |
HMAC-SHA2-256 | Key size 2048, 3072, 4096 | Sign, Verify | (2,1), (3,1) |
HMAC-SHA2-512 | Key size 2048, 3072, 4096 | Sign, Verify | (2,1), (3,1) |
RSA PSS | Key size 2048, 3072, 4096 | Sign, Verify | (3,1) |
RSA OAEP | Key size 2048, 3072, 4096 | Encrypt, Decrypt | (3,1) |
RSA PKCS#1v1.5 | Key size 2048, 3072, 4096 | Encrypt, Decrypt, Sign, Verify | (3,1) |
RSA x.509 (raw) | Key size 2048, 3072, 4096 | Encrypt, Sign | (3,1) |
ECDSA | Curves: Secp256k1, P-256, P-384, P-521 | Sign, Verify | (2,1), (3,1) |
EdDSA | Curves: Ed25519, Ed448 | Sign, Verify | (3,1) |
ECDH | Curves: Secp256k1, P-256, P-384, P-521 | Key agreement | (3,1) |
Configuration
See information on our Web-based admin tool to better understand how different primitives and underlying protocols can be configured for a TSM.
Protocols
Blockdaemon Builder Vault MPC solutions are based on public research, some of which was performed by the Blockdaemon team. This includes protocols from the following research papers:
- [MRZ15] Payman Mohassel, Mike Rosulek, Ye Zhang: Fast and Secure Three-party Computation: The Garbled Circuit Approach. CCS 2015: 591-602
- [WRK17] Xiao Wang, Samuel Ranellucci, Jonathan Katz: Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation. CCS 2017: 21-37
- [DKLs18] Jack Doerner, Yashvanth Kondi, Eysa Lee, Abhi Shelat: Secure Two-party Threshold ECDSA from ECDSA Assumptions. IEEE Symposium on Security and Privacy 2018: 980-997
- [DJNP+18] Ivan Damgård, Thomas Pelle Jakobsen, Jesper Buus Nielsen, Jakob Illeborg Pagter, Michael Bæksvang Østergård: Fast Threshold ECDSA with Honest Majority. SCN 2020: 382-400
- [DKLs19] Jack Doerner, Yashvanth Kondi, Eysa Lee, Abhi Shelat: Threshold ECDSA from ECDSA Assumptions: The Multiparty Case. IEEE Symposium on Security and Privacy 2019: 1051-1066