The present invention relates to authenticated communication, and more specifically, to authenticated communication in dynamic federated environments.
Some cryptosystems, called “threshold cryptosystems”, require a number of parties to cooperate in a decryption protocol in order to decrypt a message. In such systems, a message may be encrypted using a public key and the corresponding private key may be shared among participating parties. A minimum threshold number of the total number of parties must participate in order to decrypt the message. One example of a threshold cryptosystem is a “threshold signature scheme”, where a minimum number of parties are required for creating a signature.
Threshold signature schemes enable a group of distributed processes to create cryptographic signatures on messages in a way that does not require any individual group member to know the signature key. Instead, each member process receives a share of the key which it can use to generate signature fragments, and any other process (either member or third-party client) can combine the fragments to generate a complete signature. A minimum threshold number of member processes ought to generate valid fragments in order to enable the reconstruction of complete signatures by other processes.
In threshold signature schemes it is desirable to be able to render the key shares of ex-members useless. Proactive signature schemes are a special class of threshold signature schemes in which the private key shares held by the cluster members can be refreshed by means of an interactive protocol.
Another desirable feature in threshold signature schemes is to be able to grant new shares to incoming members. Verifiable secret redistribution (VSR) is a protocol that redistributes shares of a secret (for example, a private key) from an old set of members to a new, possibly disjoint one, in such a way that new shares cannot be combined with old shares to reconstruct the original secret.
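The share-refresh property described in the two preceding paragraphs (stale shares of ex-members become useless, and old shares cannot be combined with new ones) can be seen in the following added example, which is not part of the original text. It assumes Shamir secret sharing over a prime field as the underlying sharing method and, for brevity, computes the refresh polynomial in one place rather than through an interactive protocol among members; it shares a key value only and does not produce signature fragments or verify shares. The field size, key value and function names are constructed for illustration.

```python
import secrets

P = 2**127 - 1  # Mersenne prime used as the share field (constructed parameter)

def _poly_eval(coeffs, x):
    """Evaluate a polynomial (lowest-degree coefficient first) at x mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split(secret, t, n):
    """Shamir split: any t of the n shares {x: f(x)} recover f(0) = secret."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: _poly_eval(coeffs, x) for x in range(1, n + 1)}

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the supplied {x: y} shares."""
    total = 0
    for xi, yi in shares.items():
        num, den = 1, 1
        for xj in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def refresh(shares, t):
    """Add a random degree-(t-1) polynomial with zero constant term to each share.
    f(0) is unchanged, but shares from different epochs no longer fit one polynomial."""
    delta = [0] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: (y + _poly_eval(delta, x)) % P for x, y in shares.items()}

def demo():
    key = 0x1234567890ABCDEF  # constructed stand-in for a private signing key
    t, n = 3, 5
    old = split(key, t, n)
    new = refresh(old, t)
    # An ex-member's stale share (x=1) combined with two refreshed shares.
    mixed = {1: old[1], 2: new[2], 3: new[3]}
    return {
        "old_ok": reconstruct({x: old[x] for x in (1, 2, 3)}) == key,
        "new_ok": reconstruct({x: new[x] for x in (2, 4, 5)}) == key,
        "mixed_ok": reconstruct(mixed) == key,
    }

if __name__ == "__main__":
    print(demo())
```

Any threshold-sized subset of shares from a single epoch recovers the key, while a subset mixing epochs interpolates a different polynomial and yields an unrelated value.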