Is this the first ever practically-deployed use of a threshold scheme?

Jakob Schlyter jakob at kirei.se
Sat Jul 31 15:30:13 EDT 2010


On 31 jul 2010, at 08.44, Peter Gutmann wrote:

> Apparently the DNS root key is protected by what sounds like a five-of-seven
> threshold scheme, but the description is a bit unclear.  Does anyone know
> more?

The DNS root key is stored in HSMs. The key backups (maintained by ICANN) are encrypted with a storage master key (SMK), created inside the HSM and then split among 7 people (aka "Recovery Key Share Holders"). To recover the SMK in case of all 4 HSMs going bad, 5 of 7 key shares are required. (https://www.iana.org/dnssec/icann-dps.txt section 5.2.4)

According to the FIPS 140-2 Security Policy of the HSM, an AEP Keyper, the M-of-N key split is done using a La Grange interpolating Polynomial.


I'd be happy to answer any additional questions,

	jakob (part of the team who designed and implemented this)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list