Threshold Cryptography

Threshold Cryptography is the term NIST uses (in its Multi-Party Threshold Cryptography project) for cryptographic primitives whose secret key is split across several parties, so that an operation such as signing or decryption requires a threshold of them to cooperate and no single party ever holds the key. The parties typically carry out the operation using Multiparty Computation.

Multiparty Computation (MPC)

MPC is a cryptographic technology which allows a number, n, of MPC nodes to collaboratively compute any function y = f(x1, ..., xn) of their private inputs, where node Ni holds xi, in a secure way: each node Ni learns nothing beyond y and its own input xi (and whatever y itself necessarily implies about the other inputs). This guarantee holds only as long as no more than the number of nodes the protocol is designed to tolerate are corrupted.

Secret Sharing

A core component in many MPC protocols and solutions is the concept of secret sharing. If you have some value, x, the idea is to give each of the n MPC nodes a piece of information, a share xi, such that x is easy to compute from all of the shares while no single share xi reveals any information about x. We denote this x = [x1, x2, ..., xn].

Typically a threshold, t, is also part of the setup, leading to an (n,t)-sharing of x. This means that any t+1 shares always suffice to reconstruct x, while any t (or fewer) shares reveal nothing at all about x, which is a stronger statement than "cannot reconstruct it". Some well-known types of secret sharing are Shamir sharing and additive secret sharing. Shamir sharing achieves any t < n by evaluating a random polynomial of degree t with constant term x at n distinct points and handing each node one evaluation; additive sharing is the n-of-n special case (t = n-1) where the shares simply sum to x modulo some modulus.

MPC protocols are designed to operate directly on secret-shared values: the nodes executing the protocol compute on their shares and never hold the underlying value in the clear. Linear operations (adding two shared values, or multiplying a shared value by a public constant) can be done by each node locally on its own share, since both Shamir and additive sharing are linear; multiplying two shared values requires interaction between the nodes. This is a powerful privacy paradigm.

Threshold Cryptography

Threshold Cryptography (TC) is based on the insight that cryptographic keys can be secret shared, and that cryptographic primitives can be expressed as a function of these shares which the nodes evaluate jointly, without ever reconstructing the key!

This means that we can execute cryptographic primitives with secret shared data and keys in a manner so that the MPC nodes learn nothing about the key(s) beyond what the public output (a signature, a decrypted plaintext) already reveals, unless at least t+1 of them collude or are compromised. An attacker therefore has to breach t+1 nodes, ideally running on different platforms and administered by different people, rather than a single key store, and the full key never exists in one place at any point, not even while it is being used.
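The following is an added worked example, not code from the original page or from NIST; it illustrates both the (n,t)-sharing properties above and threshold signing as a function of the shares. It uses Shamir sharing over GF(q) and a toy threshold Schnorr signature in a tiny Schnorr group (p = 23, q = 11, g = 2, chosen for readability; a real deployment uses a 256-bit prime-order group). It also simplifies two things that real threshold protocols handle with interactive sub-protocols: the key and the per-message nonce are dealt out by a trusted dealer here, whereas production schemes generate both distributively so that nobody ever sees them. The function names, the constructed message and the (n, t) = (5, 2) parameters are all assumptions of this example.

```python
# Added example: Shamir (n,t)-sharing over GF(q) and a toy threshold Schnorr
# signature computed from the shares without reconstructing the key.
# Toy parameters (assumption): q divides p-1 and g has order q mod p.
import hashlib
import secrets
from itertools import product

P, Q, G = 23, 11, 2


def eval_poly(coeffs, i):
    """Evaluate a polynomial with coefficients in GF(Q) at the point i."""
    return sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q


def shamir_split(secret, n, t):
    """(n,t)-share `secret`: a random degree-t polynomial with constant term
    `secret`, evaluated at x = 1..n. Any t+1 shares reconstruct; t reveal nothing."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t)]
    return [(i, eval_poly(coeffs, i)) for i in range(1, n + 1)]


def lagrange_at_zero(xs):
    """Lagrange coefficients lambda_i with f(0) = sum(lambda_i * f(x_i))."""
    lam = {}
    for i in xs:
        num = den = 1
        for j in xs:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        lam[i] = num * pow(den, -1, Q) % Q
    return lam


def shamir_reconstruct(shares):
    """Recover the secret from any t+1 (or more) distinct shares."""
    lam = lagrange_at_zero([x for x, _ in shares])
    return sum(lam[x] * y for x, y in shares) % Q


def consistent_secrets(shares, t):
    """Brute-force every polynomial of degree <= t over GF(Q) and count, per
    constant term, how many agree with `shares`. Given only t shares every
    secret gets the same count (no information); given t+1, only the true one."""
    counts = {s: 0 for s in range(Q)}
    for coeffs in product(range(Q), repeat=t + 1):
        if all(eval_poly(coeffs, i) == v for i, v in shares):
            counts[coeffs[0]] += 1
    return counts


def challenge(R, y, msg):
    """Fiat-Shamir challenge e = H(R, y, m) reduced into Z_q."""
    h = hashlib.sha256(f"{R}|{y}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q


def threshold_sign(msg, y, key_shares, nonce_shares, signers):
    """Threshold Schnorr: each signer i (at least t+1 of them) holds a share
    s_i of the key x and a share k_i of a fresh nonce k. Nobody reconstructs
    x or k: the Lagrange weights are applied to the public R_i = g^k_i and to
    the partial signatures z_i = k_i + e*s_i, which are linear in the shares."""
    s, k = dict(key_shares), dict(nonce_shares)
    lam = lagrange_at_zero(signers)
    R = 1
    for i in signers:  # each signer publishes R_i; combined in the exponent
        R = R * pow(pow(G, k[i], P), lam[i], P) % P
    e = challenge(R, y, msg)
    z = sum(lam[i] * ((k[i] + e * s[i]) % Q) for i in signers) % Q
    return R, z


def verify(msg, y, sig):
    """Plain Schnorr verification g^z == R * y^e; the verifier cannot tell
    that the signature was produced by a threshold of nodes."""
    R, z = sig
    return pow(G, z, P) == (R * pow(y, challenge(R, y, msg), P)) % P


if __name__ == "__main__":
    n, t = 5, 2
    x = secrets.randbelow(Q - 1) + 1           # toy dealer; real systems use a DKG
    y = pow(G, x, P)
    key_shares = shamir_split(x, n, t)
    print("t shares   :", consistent_secrets(key_shares[:t], t))      # all counts equal
    print("t+1 shares :", consistent_secrets(key_shares[:t + 1], t))  # only x survives
    nonce_shares = shamir_split(secrets.randbelow(Q - 1) + 1, n, t)  # fresh per message
    sig = threshold_sign(b"transfer 10", y, key_shares, nonce_shares, [1, 3, 5])
    print("valid:", verify(b"transfer 10", y, sig))
```

Two things worth noticing when running it. First, any subset of t+1 signers produces the identical signature, because Lagrange interpolation of the partial values yields the same k + e*x whichever shares are used; the combiner sees only the masked partials z_i, never s_i or k_i. Second, the nonce shares must be fresh for every message: reusing k across two messages leaks x in threshold Schnorr exactly as it does in ordinary Schnorr, which is why production protocols treat distributed nonce generation as part of the signing protocol rather than a setup step.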