Is this the first ever practically-deployed use of a threshold scheme?

Richard Salz rsalz at
Sun Aug 1 11:01:36 EDT 2010

> (In a threshold cryptosystem, the shares would be used in a protocol to 
> perform the desired cryptographic operation [e.g., signing] without ever 

> reconstructing the real secret.) Has real threshold cryptography never 
> been used anywhere?

Yes, the root key for the SET consortium was done this way.  The 
technology was developed by Banker's Trust Electronic Commerce, which was 
spun off into a company called CertCo. They also had a method of 
re-splitting a key; think of a trade group that votes out one of the 
members without that entity's consent.  The code to do all that was on the 
HSM cards.

Both techniques are patented. CertCo failed and I don't know who ended up 
with the IP.  (As a souvenir from the wind-down, I have a co-branded 
CertCo/Chrysalis HSM. :)


STSM, WebSphere Appliance Architect

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list