NIST NISTIR 8214A「閾値暗号」開発の取り組みを開始

こんにちは、丸山満彦です

NISTが「閾値暗号」開発の取り組みを開始というニュースを出していますね。

 ‘Threshold Cryptography’ って「閾値暗号」でよいんですかね。。。

● NIST
・2020.07.07 (News) NIST Kick-Starts ‘Threshold Cryptography’ Development Effort

Establishing the emerging technique’s building blocks is a near-term focus.

・2020.07.07 NISTIR 8214A NIST Roadmap Toward Criteria for Threshold Schemes for Cryptographic Primitives

Abstract

This document constitutes a preparation toward devising criteria for the standardization of threshold schemes for cryptographic primitives by the National Institute of Standards and Technology (NIST). The large diversity of possible threshold schemes, as identified in the NIST Internal Report (NISTIR) 8214, is structured along two main tracks: single-device and multi-party. Each track covers cryptographic primitives in several possible threshold modes. The potential for real-world applications is taken as an important motivating factor for differentiating the pertinence of each possible threshold scheme. Also, the selection of items for standardization needs to consider diverse features, such as advanced security properties, configurability of parameters, testing and validation, modularity and composability (e.g., of gadgets vs. composites), and specification detail. Overall, the organization put forward serves as a preparation for an upcoming solicitation of feedback useful for considering a variety of threshold schemes, while differentiating standardization paths and timelines that may depend on the levels of technical and standardization challenges. This approach paves the way for an effective engagement with the community of stakeholders and constitutes a preparation for devising criteria for standardization and subsequent calls for contributions. While the terms standards and standardization are used throughout this report to refer to a set of possible final products, this does not imply a Federal Information Processing Standard (FIPS) as one or as the only intended format for NIST products of future threshold schemes for cryptographic primitives.

・[PDF] NISTIR 8214A NIST Roadmap Toward Criteria for Threshold Schemes for Cryptographic Primitives

閾値暗号自体については、NISTIR 8214で定めています。↓

■ 参考

・ 2019.03 [PDF] NISTIR 8214 Threshold Schemes for Cryptographic Primitives - Challenges and Opportunities in Standardization and Validation of Threshold Cryptography

目次　↓

Table of Contents

1 Introduction

2 Fundamentals
2.1 Terminology
2.2 Secret sharing
2.3 Secret resharing
2.4 Threshold cryptography
2.5 Side-channel and fault attacks

3 Examples
3.1 Threshold signature examples
3.2 Side-channel attacks and countermeasures

4 Models
4.1 Security considerations
4.2 Types of attack
4.3 System model

5 Characterizing features
5.1 Threshold values
5.2 Communication interfaces
5.3 Target computing platforms
5.4 Setup and maintenance

6 Validation of implementations
6.1 The existing CMVP and FIPS 140-2
6.2 Integration of threshold cryptographic schemes

7 Criteria for standardization
7.1 Representative questions
7.2 Standardization at what granularity level?
7.3 Standardization opportunities

8 Conclusions