The Computer Security Division at the National Institute of Standards and Technology is interested in promoting the security of implementations of cryptographic primitives. This security depends not only on the theoretical properties of the primitives but also on the ability to withstand attacks on their implementations. It is thus important to mitigate breakdowns that result from differences between ideal and real implementations of cryptographic algorithms.
This project focuses on threshold schemes for cryptographic primitives and their potential for strengthening the secrecy of cryptographic keys, as well as enhancing integrity and availability of implemented primitives, including providing resistance against side-channel attacks, which exploit inadvertent leakage from real implementations.
November 8, 2019: NIST invites comments on Draft NISTIR 8214A, Towards NIST Standards for Threshold Schemes for Cryptographic Primitives: A Preliminary Roadmap, which presents a structured approach for exploring the space of threshold schemes for potential standardization.
A public comment period for this document is open until February 10, 2020. Email Comments to: nistir-8214Afirstname.lastname@example.org
March 1, 2019: NIST has published the final version of NISTIR 8214, Threshold Schemes for Cryptographic Primitives: Challenges and Opportunities in Standardization and Validation of Threshold Cryptography. The document had been open for public comments between July 26, 2018 and October 22, 2018. We have also posted online a "diff" PDF document highlighting the changes between the draft and the final version, along with the table of received comments.
On March 11-12, 2019, NIST held the Threshold Cryptography Workshop 2019 for experts from industry, academia, and government. The workshop was held at NIST in Gaithersburg, Maryland. The submission deadline was December 17, 2018.
Collaborate with us
To collaborate with us or to just receive announcements from NIST regarding the Threshold Cryptography project, please check our Collaboration page.
At a basic level classical secret sharing enables splitting the secret key into two or more shares across different components or parties, such that the compromise of one (or more, but not all) of the shares does not reveal information about the original key. Using appropriate threshold techniques, the shares can then be separately processed, leading the computation to a correct result as if the original secret key had been processed by a classic algorithm. The threshold approach can thus significantly strengthen the confidentiality of secret keys in cryptographic implementations.
Areas of relevant related research include secure multi-party computation, intrusion tolerant distributed systems, and threshold circuit design.
We published the report NISTIR 8214 to initiate a discussion on the standardization of threshold schemes for cryptographic primitives. The most immediate challenge going forward seems to be the development of criteria for and selection of proposals for standardization. The draft report motivated the need for criteria and developed some basis for it.
We intend to drive an open and transparent standardization process based on established NIST principles. We will incorporate the public comments to the draft report and plan to host a workshop in March 2019 to engage with the interested stakeholders on these topics. Once criteria are in place, the selection and standardization of concrete schemes should include considerations for the applicable validation methodologies.
We are working on these challenges by engaging with and incorporating feedback from the research community, industry, government and other stakeholders.