Toward Criteria for Standardization of Multi-Party Threshold Schemes for Cryptographic Primitives Luís T. A. N. Brandão* Cryptographic Technology Group National Institute of Standards and Technology (Gaithersburg, USA) Presentation on August 15, 20 20 @ ACAS2020, Virtual event 2nd Workshop on A dvanced C ryptography A pplications and S tandards *At NIST as a Foreign Guest Researcher (Contractor, from Strativia) Opinions expressed in this presentation are from the speaker and are not to be construed as offjcial views of NIST.
Outline 1. Intro NIST standards 2. Update on the NIST Threshold Cryptography project 3. Some thoughts on standardization 4. Concluding remarks 2/28
Outline 1. Intro NIST standards 2. Update on the NIST Threshold Cryptography project 3. Some thoughts on standardization 4. Concluding remarks 2/28
3/28 Security Testing, Validation and Measurement (STVM): validate cryptographic algorithm Legend: FIPS = Federal Information Processing Standards; SP 800 = Special Publications in Computer Security; NISTIR = NIST Internal or Interagency Report. International cooperation: government, industry, academia, standardization bodies. Documents: FIPS, SP 800, NISTIR. ] ] develop test suites and test methods; [ implementations, cryptographic modules, [ recommendations and best practices for cryptographic algorithms, methods, and protocols. Cryptographic Technology Group (CTG): research, develop, engineer, and produce guidelines, Computer Security Division (CSD): Aerial photo of Gaithersburg campus (source: Google Maps, August 2019) science, standards, and technology ... economic security ... quality of life. Mission: ... innovation ... industrial competitiveness ... measurement Non-regulatory federal agency (within the U.S. Department of Commerce) NIST: Laboratories → Divisions → Groups � �
Non-regulatory federal agency (within the U.S. Department of Commerce) Mission: ... innovation ... industrial competitiveness ... measurement science, standards, and technology ... economic security ... quality of life. Aerial photo of Gaithersburg campus (source: Google Maps, August 2019) recommendations and best practices for cryptographic algorithms, methods, and protocols. Documents: FIPS, SP 800, NISTIR. International cooperation: government, industry, academia, standardization bodies. Legend: FIPS = Federal Information Processing Standards; SP 800 = Special Publications in Computer Security; NISTIR = NIST Internal or Interagency Report. 3/28 NIST: Laboratories → Divisions → Groups � � → Computer Security Division (CSD): → Cryptographic Technology Group (CTG): research, develop, engineer, and produce guidelines, → Security Testing, Validation and Measurement (STVM): validate cryptographic algorithm implementations, cryptographic modules, [ . . . ] develop test suites and test methods; [ . . . ]
Non-regulatory federal agency (within the U.S. Department of Commerce) Mission: ... innovation ... industrial competitiveness ... measurement science, standards, and technology ... economic security ... quality of life. Aerial photo of Gaithersburg campus (source: Google Maps, August 2019) recommendations and best practices for cryptographic algorithms, methods, and protocols. Legend: FIPS = Federal Information Processing Standards; SP 800 = Special Publications in Computer Security; NISTIR = NIST Internal or Interagency Report. 3/28 NIST: Laboratories → Divisions → Groups � � → Computer Security Division (CSD): → Cryptographic Technology Group (CTG): research, develop, engineer, and produce guidelines, → Security Testing, Validation and Measurement (STVM): validate cryptographic algorithm implementations, cryptographic modules, [ . . . ] develop test suites and test methods; [ . . . ] � Documents: FIPS, SP 800, NISTIR. � International cooperation: government, industry, academia, standardization bodies.
NIST standardizes cryptographic primitives Some examples: Legend: AES (Advanced Encryption Standard); DLC: Discrete-Log Cryptography; DRBG (Deterministic Random Bit Generator); ECDSA (Elliptic Curve Digital Signature Algorithm); EdDSA (Edwards Curve Digital Signature Algorithm); IFC: Integer Factorization Cryptography; RSA (Rivest–Shamir–Adleman). Some guidance on Cryptography Standards: NISTIR 7977 (2016): NIST Cryptographic Standards and Guidelines Development Process Formalizes several principles to follow: transparency, openness, balance, integrity, technical merit, usability, global acceptability, continuous improvement, innovation and intellectual property (and overarching considerations) SP 800-175: Guideline for Using Cryptographic Standards in the Federal Government FIPS 140-3: Security Requirements for Cryptographic Modules 4/28 � FIPS 186-5 (draft): RSA, ECDSA and EdDSA signatures � FIPS 197: AES (block cipher) � SP 800-56A/B: primitives for DLC/IFC pair-wise key agreement � SP 800-90 series: DRBGs
NIST standardizes cryptographic primitives Some examples: Legend: AES (Advanced Encryption Standard); DLC: Discrete-Log Cryptography; DRBG (Deterministic Random Bit Generator); ECDSA (Elliptic Curve Digital Signature Algorithm); EdDSA (Edwards Curve Digital Signature Algorithm); IFC: Integer Factorization Cryptography; RSA (Rivest–Shamir–Adleman). Some guidance on Cryptography Standards: Formalizes several principles to follow: transparency, openness, balance, integrity, technical merit, usability, global acceptability, continuous improvement, innovation and intellectual property (and overarching considerations) 4/28 � FIPS 186-5 (draft): RSA, ECDSA and EdDSA signatures � FIPS 197: AES (block cipher) � SP 800-56A/B: primitives for DLC/IFC pair-wise key agreement � SP 800-90 series: DRBGs � NISTIR 7977 (2016): NIST Cryptographic Standards and Guidelines Development Process � SP 800-175: Guideline for Using Cryptographic Standards in the Federal Government � FIPS 140-3: Security Requirements for Cryptographic Modules
Development of new standards Several methods to develop cryptography standards: Examples of ongoing standardization projects: Post-quantum Cryptography: signatures, public-key encryption, key encapsulation Lightweight Cryptography: ciphers, authenticated encryption, hash functions Threshold Cryptography: threshold schemes for cryptographic primitives ... NIST also has projects for research (e.g., Circuit Complexity) and applications (e.g., Randomness Beacon) This presentation: Threshold Cryptography project “Multi-Party” track 5/28 � Internal or interagency developed techniques � Adoption of external standards � Open call, competition, “competition-like”
Development of new standards Several methods to develop cryptography standards: Examples of ongoing standardization projects: Randomness Beacon) This presentation: Threshold Cryptography project “Multi-Party” track 5/28 � Internal or interagency developed techniques � Adoption of external standards � Open call, competition, “competition-like” � Post-quantum Cryptography: signatures, public-key encryption, key encapsulation � Lightweight Cryptography: ciphers, authenticated encryption, hash functions � Threshold Cryptography: threshold schemes for cryptographic primitives � ... NIST also has projects for research (e.g., Circuit Complexity) and applications (e.g.,
Development of new standards Several methods to develop cryptography standards: Examples of ongoing standardization projects: Randomness Beacon) This presentation: 5/28 � Internal or interagency developed techniques � Adoption of external standards � Open call, competition, “competition-like” � Post-quantum Cryptography: signatures, public-key encryption, key encapsulation � Lightweight Cryptography: ciphers, authenticated encryption, hash functions � Threshold Cryptography: threshold schemes for cryptographic primitives � ... NIST also has projects for research (e.g., Circuit Complexity) and applications (e.g., Threshold Cryptography project → “Multi-Party” track
Outline 1. Intro NIST standards 2. Update on the NIST Threshold Cryptography project 3. Some thoughts on standardization 4. Concluding remarks 6/28
Why going for a threshold approach? The threshold approach ( f -out-of- n ) of components of up to a threshold number to mitigate the compromise use redundancy & diversity At a high-level: clker.com/clipart-13643.html The red dancing devil is from * = clker.com/clipart- Crypto can be afgected by vulnerabilities *4296.html *question-2.html of failure? single-points How to address 7/28 � Attacks can exploit difgerences between ideal vs. real implementations � Operators of cryptographic implementations can go rogue
Why going for a threshold approach? The threshold approach ( f -out-of- n ) of components of up to a threshold number to mitigate the compromise use redundancy & diversity At a high-level: clker.com/clipart-13643.html The red dancing devil is from * = clker.com/clipart- Crypto can be afgected by vulnerabilities *4296.html *question-2.html of failure? single-points How to address 7/28 � Attacks can exploit difgerences between ideal vs. real implementations � Operators of cryptographic implementations can go rogue
Recommend
More recommend
