> (In a threshold cryptosystem, the shares would be used in a protocol to
> perform the desired cryptographic operation [e.g., signing] without ever
> reconstructing the real secret.) Has real threshold cryptography never
> been used anywhere?
Yes, the root key for the SET consortium was done this way. The
technology was developed by Banker's Trust Electronic Commerce, which was
spun off into a company called CertCo. They also had a method of
re-splitting a key; think of a trade group that votes out one of the
members without that entity's consent. The code to do all that was on the
HSM cards.
Both techniques are patented. CertCo failed and I don't know who ended up
with the IP. (As a souvenir from the wind-down, I have a co-branded
CertCo/Chrysalis HSM. :)
/r$
--
STSM, WebSphere Appliance Architect
https://www.ibm.com/developerworks/mydeveloperworks/blogs/soma/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
