Threshold Cryptography TC

Project Overview

The Computer Security Division (CSD) at the National Institute of Standards and Technology (NIST) is interested in promoting the security of implementations and operation of cryptographic primitives. This security depends not only on the theoretical properties of the primitives but also on the ability to withstand attacks on their implementations and operations. It is thus important to mitigate breakdowns that result from differences between ideal and real implementations of cryptographic algorithms, and to enable distribution of trust across operators.

This project focuses on threshold schemes for cryptographic primitives, which have a potential for strengthening the secrecy of cryptographic keys, as well as enhancing integrity and availability of implemented primitives, including providing resistance against side-channel attacks, which exploit inadvertent leakage from real implementations. We intend to drive an open and transparent standardization process based on established NIST principles. This includes engaging with and incorporating feedback from the research community, industry, government and other stakeholders.

The project has two main tracks --- Multi-Party and Single Device --- as defined in NISTIR 8214A.

A challenge going forward is the development of criteria for standardization and calls for contributions. Once criteria are in place, the selection and standardization of concrete schemes should include considerations for the applicable validation methodologies.

Collaboration: To collaborate with us or to just receive announcements from NIST regarding the Threshold Cryptography project, please check our Collaboration page.

Recent or upcoming soon

Some milestones

  • July 7, 2020: Publication of the final version of NISTIR 8214A, NIST Roadmap Toward Criteria for Threshold Schemes for Cryptographic Primitives. The document presents a structured approach for exploring the space of threshold schemes for potential standardization.
  • November 8, 2019. Publication of the Draft NISTIR 8214A (The title in the draft was "Towards NIST Standards for Threshold Schemes for Cryptographic Primitives: A Preliminary Roadmap: A Preliminary Roadmap". The title changed in the final version.) The document was open for public comments until February 10, 2020.
  • March 11-12, 2019: The NIST Threshold Cryptography Workshop (NTCW) 2019 took place at NIST, in Gaithersburg Maryland, USA, with experts from industry, academia, and government. The submission deadline was December 17, 2018.
  • March 1, 2019:  Publication of the final version of NISTIR 8214, Threshold Schemes for Cryptographic Primitives: Challenges and Opportunities in Standardization and Validation of Threshold Cryptography. There is also a "diff" PDF document highlighting the changes between the draft and the final version, along with the table of received comments.
  • July 26, 2019: Publication of the Draft NISTIR 8214, to initiate a discussion about the possible standardization of threshold schemes for cryptographic primitives. The document was open for public comments until October 22, 2018.


At a basic level, classical secret sharing enables splitting a secret key into two or more "shares" across different components or parties, such that the compromise of one (or more, but not all) of the shares does not reveal information about the original key. Using appropriate threshold techniques, the shares can then be separately processed, leading the computation to a correct result as if the original secret key had been processed by a classic algorithm. The threshold approach can thus significantly strengthen the confidentiality of secret keys in cryptographic implementations. Areas of relevant related research include secure multi-party computation, intrusion tolerant distributed systems, and threshold circuit design.

Created July 26, 2018, Updated September 25, 2020