distributed secret key

Michael Richardson mcr at sandelman.ca
Sun May 24 16:20:11 UTC 2020 

Erich Eckner <openssl at eckner.net> wrote:
    > we're looking into setting up a CA with openssl, but we would like to
    > distribute the secret key amongst multiple persons. We're aware of
    > Shamir's secret sharing algorithm, but we'd like to know if there is some
    > algorithm supported by openssl, that fulfills the following requirements
    > (2 and 3 are not fulfilled by Shamir's algorithm):

    > 1. Secret key shared amongst N persons, M<N shares sufficient for using
    > the key.

    > 2. No secret material (or parts thereof) needs to be sent around,
    > preferably not even during creation of the key.

So you want to split a secret, but then not send anything to anyone?
I don't really understand this at all.  I don't think it's physically
possible.  Maybe you could restate your requirement in another way.

    > 3. Secret key will not be assembled from the shares for the acutal
    > operation. E.g. each share operates independently, and the intermediate
    > result is sent around, after M keyparts operated on it, the signature is
    > complete and can be used.

I guess you want a system where the shares can be added after
"exponentiation" rather than before.

    > If this is not supported by openssl, we're also open for suggestions of
    > other (open source, free-to-use) software, that can achieve this and
    > creates standard X.509 certificates (not sure if I termed that correctly).

I believe that Phillip Hallam-Baker's
                   Threshold Modes in Elliptic Curves
                     draft-hallambaker-threshold-02

may fullfil your needs.  It might even satisfy (2), but I'm not sure it
satisfies (1).  It may be that you don't need to satisfy (1).

I know that Phil has running code, but I don't think it's based upon openssl.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20200524/31499ca4/attachment.sig>

More information about the openssl-users mailing list