
Towards a Threshold Key Infrastructure

November 5, 2020


Phillip Hallam-Baker - Comodo


Abstract: The Mathematical Mesh (Mesh) is a Threshold Key Infrastructure (TKI) that uses threshold techniques to manage public key pairs and threshold key shares. The resulting architecture shares many similarities with traditional Kohnfelder model PKIs (e.g. X.509) but with significant differences. The use of threshold techniques provides the ‘key portability’ advantage of using smartcards without the need for a physical token. Devices that are connected to a Mesh profile can decrypt data and authenticate to internal or external infrastructures as authorized by the user/administrator. Authorizations are expressed as threshold key shares mediated by a Mesh service. Through the use of threshold techniques, the service is zero-trust with respect to confidentiality and integrity concerns and limited trust with respect to availability. The Mesh may be used to manage keys for traditional PKI applications (SSH, OpenPGP, S/MIME) or as a platform for building new applications. Current applications include sharing of encrypted data-at-rest between groups of users, a password vault, a contact manager and a replacement for second factor authentication schemes that actually makes sense.
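The abstract's central claim is that a service holding a threshold key share can mediate decryption without being trusted for confidentiality, while its cooperation is still needed for availability (so deleting its share revokes the device). The following is an added illustration of that property, not code from the Mesh project or from the presentation: it uses an ElGamal-style scheme in a constructed toy safe-prime group (p = 1019), splits the private key additively into a service share and a device share, and shows that the plaintext is recovered only when both partial decryptions are combined. The Mesh's actual curves, encodings and protocol messages are not reproduced here; every parameter and function name below is an assumption chosen for the example.

```python
"""Toy 2-of-2 additive threshold decryption (constructed example, not Mesh code).

A private key x is split as x = x_service + x_device (mod q). Decrypting an
ElGamal-style ciphertext needs c1^x; each party contributes c1^(its share) and
the device multiplies the partials. The service never sees the plaintext, and
without the service's partial the device cannot decrypt (revocation).
"""
import hashlib
import secrets

# Constructed toy group: safe prime p = 2q + 1, g generates the order-q subgroup.
# Far too small for real use; chosen so the arithmetic stays readable.
P = 1019
Q = 509
G = 4


def keygen():
    """Return (private x, public y = g^x) in the toy group."""
    x = secrets.randbelow(Q - 1) + 1  # 1 .. q-1, never zero
    return x, pow(G, x, P)


def split_key(x):
    """Additive 2-of-2 split: x = x_service + x_device (mod q).

    The service share is forced non-zero so the device share alone is never
    the whole key.
    """
    x_service = secrets.randbelow(Q - 1) + 1
    x_device = (x - x_service) % Q
    return x_service, x_device


def encrypt(y, plaintext):
    """ElGamal-style: c1 = g^r, keystream = H(y^r), c2 = keystream XOR msg."""
    r = secrets.randbelow(Q - 1) + 1
    c1 = pow(G, r, P)
    shared = pow(y, r, P)
    return c1, _xor(_kdf(shared, len(plaintext)), plaintext)


def partial_decrypt(share, c1):
    """Each share holder computes c1^share; a single partial reveals nothing about c1^x."""
    return pow(c1, share, P)


def combine(partial_service, partial_device, c2):
    """Device multiplies the partials: c1^x_s * c1^x_d = c1^x = y^r, then unmasks c2."""
    shared = (partial_service * partial_device) % P
    return _xor(_kdf(shared, len(c2)), c2)


def _kdf(shared, n):
    """Derive n keystream bytes from a group element (SHA-256 in counter mode)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(shared.to_bytes(2, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def demo(msg=b"service never sees this"):
    """Return (joint decryption succeeds, device alone fails)."""
    x, y = keygen()
    x_s, x_d = split_key(x)
    c1, c2 = encrypt(y, msg)
    joint = combine(partial_decrypt(x_s, c1), partial_decrypt(x_d, c1), c2)
    # Service share deleted/revoked: device has only its own partial to work with.
    alone = _xor(_kdf(partial_decrypt(x_d, c1), len(c2)), c2)
    return joint == msg, alone != msg


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The service-side computation (`partial_decrypt` with `x_service`) is the authorization decision the abstract describes: it is performed per ciphertext, so the service can refuse or log it, but the value it returns is a single group element that does not disclose the plaintext or the device's share.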

Presented at

NIST Workshop on Multi-Party Threshold Schemes (MPTS) 2020.


Created May 04, 2021, Updated June 07, 2021