Recently a bank had a costly mistake that resulted in their master private key being exposed.

Through this thread, I learned about multi-party key storage with Adi Shamir's secret sharing scheme as the basis, very cool.

In the naive setup, there's still a person/machine that must do the final decryption which knows the full key.

What scheme(s) allow no central decrypter?

A guess I have is two or more 'groups/keys' separately encrypt/decrypt the message so no one group can ever have the keys to the kingdom.

Or is there a way for the final decrypter to decrypt w/o actually knowing the master key such that only one Adi Shamir scheme is necessary?

Thanks!

nitsujri

1 Answer

I just wanted to give you a hint, but since I cannot write comments under your question, I am writing it here:

I think you are searching for a scheme in which the participants' keys are not revealed whenever the secret is reconstructed. We have such schemes; please see this Lecture Note, Chapter 6.


Lecture Note information: Lecture Notes, Cryptographic Protocols, Version 1.21 September 13, 2016, Berry Schoenmakers

The name of the protocol is: Threshold ElGamal Cryptosystem. But the whole chapter that I mentioned is more informative than just this protocol.

m123