Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Privacy-Enhancing Cryptography PEC

Threshold schemes

The upcoming NIST First Call for Multi-Party Threshold Schemes (see the initial public draft in NIST IR8214C ipd, and received public comments) will solicit public proposals of threshold schemes (multi-party protocols) for various cryptographic primitives. The NIST Workshop on Multi-Party Threshold Schemes (MPTS) 2023 collected further feedback before the final version of the Call.

The "NIST Threshold Call" will explore techniques of MPC (secure multiparty computation), ZKP (zero-knowledge proofs), and FHE (fully-homomorphic encryption). More details about the public call can be found in the webpage of the NIST Multi-Party Threshold Cryptography (MPTC) project. Within the Call, category Cat2 (for primitives not specified by NIST) brings an opportunity to consider primitives that are not present in current NIST standards. The analysis of submitted schemes will include engagement by the MPTC and the PEC projects. The table below is an adaptation of the Table 2 in draft call (NIST IR8214C ipd).

Category 2 of the Threshold Call: Subcategories and Examples
Subcategory: Type Example scheme Example primitive
C2.1: Signing TF succinct & verifiable-deterministic signatures Sign
  TF-QR signatures Sign
C2.2: PKE TF-QR public-key encryption (PKE) Decrypt; encrypt (a secret value)
C2.3: KA Low-round multi-party key-agreement (KA) Single-party primitives
C2.4: Symmetric TF PRP (e.g., blockcipher) or PRF (e.g., for MAC or key-derivation) Encipher, decipher, MAC
  Hash or XOF Hash function, XOF
C2.5: Keygen Any of the above or below Keygen
C2.6: FHE QR Fully-homomorphic encryption (FHE) Decryption; keygens
C2.7: ZKPoK ZKPoK of private key ZKPoK.Generate
C2.8: Gadgets Garbled circuit (GC) GC.generate; GC.evaluate

TF-QR is a desired combination for any type of scheme; some examples show just TF to convey that it is welcome even if not QR.

Legend:  2KE = pair-wise key-establishment; Keygen = key-generation; PKE = Public-key encryption; PRF = pseudorandom function (family); PRP = pseudorandom permutation (family); QR = quantum resistant; TF = threshold friendly; ZKPoK = Zero-knowledge proof of knowledge.

Note: the initial public draft had "C2.6 = Advanced" (inc. FHE, IBE and ABE), but the 2pd will narrow it down to just FHE.

There is also a category Cat1 for threshold schemes for NIST specified primitives. The upcoming revision of NISTIR 8214C ipd will include in subcategory C1.1 and C.1.2 some primitives of the schemes selected by the NIST-PQC project in 2022.

Contacts

Reach the PEC team at:
crypto-privacy@nist.gov

Luís T. A. N. Brandão

René Peralta - NIST

Angela Robinson - NIST

Topics

Security and Privacy: cryptography, privacy

Created January 03, 2017, Updated October 12, 2024