Generating a distributed key, where a constant fraction of the players can reconstruct the key, is an essential component of many large-scale distributed computing tasks such as fully peer-to-peer computation and voting schemes. Previous solutions relied on a dedicated broadcast channel and had at least quadratic cost per player to handle a constant fraction of adversaries, which is not practical for extremely large sets of participants. We present a new distributed key generation algorithm, sparse matrix DKG, for discrete-log based cryptosystems that requires only polylogarithmic communication and computation per player and no global broadcast. This algorithm has nearly the same optimal threshold as previous ones, allowing up to a \(\frac{1}{2}-\epsilon\) fraction of adversaries, but is probabilistic and has an arbitrarily small failure probability. In addition, this algorithm admits a rigorous proof of security. We also introduce the notion of matrix evaluated DKG, which encompasses both the new sparse matrix algorithm and the familiar polynomial-based ones.