On Sat, 31 Jul 2010, Jakob Schlyter wrote:
On 31 jul 2010, at 08.44, Peter Gutmann wrote:
Apparently the DNS root key is protected by what sounds like a five-of-seven
threshold scheme, but the description is a bit unclear. Does anyone know
more?
The DNS root key is stored in HSMs. The key backups (maintained by ICANN) are encrypted
with a storage master key (SMK), created inside the HSM and then split among 7 people
(aka "Recovery Key Share Holders"). To recover the SMK in case of all 4 HSMs
going bad, 5 of 7 key shares are required. (https://www.iana.org/dnssec/icann-dps.txt
section 5.2.4)
According to the FIPS 140-2 Security Policy of the HSM, an AEP Keyper, the
M-of-N key split is done using a La Grange interpolating Polynomial.
I'd be happy to answer any additional questions,
jakob (part of the team who designed and implemented this)
This is "just" Shamir secret sharing, not "real" threshold cryptography.
(In a threshold cryptosystem, the shares would be used in a protocol to
perform the desired cryptographic operation [e.g., signing] without ever
reconstructing the real secret.) Has real threshold cryptography never
been used anywhere?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]
