Overview
Explore a conference talk that delves into innovative techniques for scaling threshold cryptosystems to accommodate hundreds of thousands of participants. Learn about efficient algorithms for evaluating polynomials at multiple points to accelerate the computation of Lagrange coefficients in threshold signature aggregation. Discover how authenticating multipoint evaluations can enhance the speed of proving polynomial evaluations, a crucial step in communication-efficient Verifiable Secret Sharing (VSS) and Distributed Key Generation (DKG) protocols. Understand the significant improvements in computational complexity for VSS and DKG protocols, reducing them from quadratic to quasilinear time. Examine the practical applications of these techniques, including the ability to aggregate a 130,000 out of 260,000 BLS threshold signature in just 6 seconds and generate a key for the BLS scheme in 2.3 hours. Gain insights into the limitations of this approach, such as the requirement for a trusted setup and the focus on synchronous protocols, while considering its potential impact on large-scale distributed systems.
Syllabus
Towards Scalable Threshold Cryptosystems
Threshold signature schemes (TSS)
TSS efficiency & scalability challenges
Shamir's Secret Sharing
Verifiable Secret Sharing (VSS) prevents attacks
KZG-based VSS dealing does not scale
Key ingredient: Polynomial multipoint evaluation
Authenticated Multipoint Evaluation Trees (AMTs)
The road so far
TSS aggregation does not scale
Why TSS aggregation doesn't scale
Our TSS aggregation scales!
Conclusion
Taught by
IEEE Symposium on Security and Privacy