The Computer Security Division at the National Institute of Standards and Technology is interested in promoting the security of implementations of cryptographic primitives. This security depends not only on the theoretical properties of the primitives but also on the ability to withstand attacks on their implementations. It is thus important to mitigate breakdowns that result from differences between ideal and real implementations of cryptographic algorithms. This document overviews threshold cryptographic schemes, which enable attaining desired security goals even if f out of n of its components are compromised. There is also an identified potential in providing resistance against side-channel attacks, which exploit inadvertent leakage from real implementations. Security goals of interest include the secrecy of cryptographic keys, as well as enhanced integrity and availability, among others. This document considers challenges and opportunities related to standardization of threshold schemes for cryptographic primitives. It includes examples illustrating security tradeoffs under variations of system model and adversaries. It enumerates several high-level characterizing features of threshold schemes, including the types of threshold, the communication interfaces (with the environment and between components), the executing platform (e.g., single device vs. multiple devices) and the setup and maintenance requirements. The document poses a number of questions, motivating aspects to take into account when considering standardization. A particular challenge is the development of criteria that may help guide a selection of threshold cryptographic schemes. An open question is deciding at what level each standard should be defined (e.g., specific base techniques vs. conceptualized functionalities) and which flexibility of parametrization they should allow. Suitability to testing and validation of implementations are also major concerns to be addressed.
NIST Interagency/Internal Report (NISTIR) - 8214
threshold schemes, secure implementations, cryptographic primitives, threshold cryptography, secure multi- party computation, intrusion tolerance, distributed systems, resistance to side-channel attacks, standards and validation