Is this the first ever practically-deployed use of a threshold scheme?
Jeffrey I. Schiller
jis at qyv.net
Sat Jul 31 20:41:20 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/31/2010 02:44 AM, Peter Gutmann wrote:
> Apparently the DNS root key is protected by what sounds like a
> five-of-seven threshold scheme, but the description is a bit
> unclear. Does anyone know more?
>
> (Oh, and for people who want to quibble over "practically-deployed",
> I'm not aware of any real usage of threshold schemes for anything,
> at best you have combine-two-key-components (usually via XOR), but
> no serious use of real n- of-m that I've heard of. Mind you, one
> single use doesn't necessarily count as "practically deployed"
> either).
When we deployed the U.S. Higher Ed. PKI Root (USHER) [1] we secret
shared the root key in a 3 of 5 way. The operator of the PKI had two
of the shares and 3 independent outsiders each had a single share. The
idea being that the operator would need to contact one of the outside
share holders in order to recover the key, but it would require all
three of the outside share holders to get together to recombine the
key without the cooperation of the operator.
Each share consisted of a CD-R with the share written to it thousands
of times (why not, the thing holds ~650Mb and the share is about 1k or
so). We also wrote out the source code of the combining program a few
thousand times as well. It was written in Python.
-Jeff
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iD8DBQFMVMKw8CBzV/QUlSsRAk/XAKCeffugiZsoTARGdfiOk6/2ZL4eKACgqtaY
CBSjaU/x53CWvO6aYvxIbnU=
=5Oga
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list