distributed secret key

Michael Richardson mcr at sandelman.ca
Sun May 24 16:20:11 UTC 2020

Erich Eckner <openssl at eckner.net> wrote:
    > we're looking into setting up a CA with openssl, but we would like to
    > distribute the secret key amongst multiple persons. We're aware of
    > Shamir's secret sharing algorithm, but we'd like to know if there is some
    > algorithm supported by openssl, that fulfills the following requirements
    > (2 and 3 are not fulfilled by Shamir's algorithm):

    > 1. Secret key shared amongst N persons, M<N shares sufficient for using
    > the key.

    > 2. No secret material (or parts thereof) needs to be sent around,
    > preferably not even during creation of the key.

So you want to split a secret, but then not send anything to anyone?
I don't really understand this at all.  I don't think it's physically
possible.  Maybe you could restate your requirement in another way.

    > 3. Secret key will not be assembled from the shares for the actual
    > operation. E.g. each share operates independently, and the intermediate
    > result is sent around, after M keyparts operated on it, the signature is
    > complete and can be used.

I guess you want a system where the shares can be added after
"exponentiation" rather than before.

    > If this is not supported by openssl, we're also open for suggestions of
    > other (open source, free-to-use) software, that can achieve this and
    > creates standard X.509 certificates (not sure if I termed that correctly).

I believe that Phillip Hallam-Baker's
                   Threshold Modes in Elliptic Curves

may fulfil your needs.  It might even satisfy (2), but I'm not sure it
satisfies (1).  It may be that you don't need to satisfy (1).

I know that Phil has running code, but I don't think it's based upon openssl.

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
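
An added illustration, not part of the original message and not Hallam-Baker's scheme or any OpenSSL API: requirement (3) and the "add the shares after exponentiation" idea, shown as Shamir shares combined in the exponent so that the key itself is never reassembled. The group parameters, function names and holder ids are constructed for the example (toy size, not secure), and the split uses a trusted dealer, so requirement (2) is not addressed here.

```python
import secrets

# Constructed toy group (NOT a secure size): P = 2Q + 1, G has prime order Q.
P, Q, G = 2039, 1019, 4

def split(secret, m, n):
    """Shamir-split `secret` mod Q into n shares; any m of them suffice."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(m - 1)]
    return {x: sum(c * pow(x, k, Q) for k, c in enumerate(coeffs)) % Q
            for x in range(1, n + 1)}

def lagrange_at_zero(i, ids):
    """Lagrange coefficient of holder i over the participating ids, mod Q."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def partial(base, share, i, ids):
    """Computed locally by holder i: base^(lambda_i * share_i) mod P."""
    return pow(base, lagrange_at_zero(i, ids) * share % Q, P)

def combine(partials):
    """Multiply the partial results; the exponents sum to the secret."""
    out = 1
    for v in partials:
        out = out * v % P
    return out

def demo():
    secret = secrets.randbelow(Q - 1) + 1
    shares = split(secret, m=3, n=5)
    base = pow(G, 7, P)          # constructed element of the order-Q subgroup
    ids = [1, 3, 5]              # any 3 of the 5 holders
    joint = combine(partial(base, shares[i], i, ids) for i in ids)
    # Only the final comparison uses the whole secret, to check the result.
    return joint == pow(base, secret, P)

if __name__ == "__main__":
    print("partials combine to base^secret:", demo())
```

Only the intermediate values returned by partial() are exchanged between holders; no share and no reconstructed key leaves its holder.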
