LibTMCG provides some additional programs that may be of independent interest. Please consult the corresponding manual pages for further information.
We have implemented a robust and secure protocol for Distributed Key Generation
(DKG) of public-key cryptosystems (see Rosario Gennaro, Stanislaw Jarecki,
Hugo Krawczyk, and Tal Rabin: Secure Distributed Key Generation for
Discrete-Log Based Cryptosystems, Journal of Cryptology, Vol. 20, No. 1,
Springer 2007). Moreover, LibTMCG also provides a robust protocol for
threshold DSA/DSS (see Ran Canetti, Rosario Gennaro, Stanislaw Jarecki,
Hugo Krawczyk, and Tal Rabin: Adaptive Security for Threshold
Cryptosystems, Advances in Cryptology – Proceedings of CRYPTO ’99, Lecture Notes
in Computer Science 1666, Springer 1999). The key generation program
implements both DSA and the ElGamal cryptosystem and writes the resulting
keys in OpenPGP format (see J. Callas, L. Donnerhacke, H. Finney,
D. Shaw, R. Thayer: OpenPGP Message Format, Network Working Group, Request
for Comments: 4880, November 2007). Key generation consumes a large amount of
high-quality randomness (cf. D. Eastlake, J. Schiller, and S. Crocker: Randomness
Requirements for Security, Network Working Group, Request for Comments: 4086,
June 2005), which is obtained from the GNU Crypto Library (libgcrypt). On
systems where /dev/random is backed only by weak entropy sources (e.g. headless
servers) a run will therefore be slow or may even fail.
Because the protocols are interactive, the participating parties have to exchange many messages in a secure way. We employ GNUnet, in particular its mesh-routed CADET service, to establish the private and broadcast channels for this message exchange. On top of it, the well-known reliable broadcast protocol (see Christian Cachin, Klaus Kursawe, Frank Petzold, and Victor Shoup: Secure and Efficient Asynchronous Broadcast Protocols, Advances in Cryptology – CRYPTO 2001, Lecture Notes in Computer Science 2139, Springer 2001) is used to achieve validity, consistency, and totality in what is most likely an asynchronous communication environment, as long as fewer than one third of the n parties are corrupted (t < n/3). Some limitations remain due to the predefined timeout values; such problems can be recognized by looking for timeout error messages on STDERR.
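To make the guarantees of that reliable broadcast concrete, here is an added example (not LibTMCG's code, and not the GNUnet/CADET transport it uses): a Python simulation of Bracha's reliable broadcast, the asynchronous protocol Cachin et al. build on, with n = 4 and t = 1. The FIFO "network", the party identifiers and the scripted misbehaviour of the sender are all assumptions made for the simulation. Validity is shown with an honest sender; consistency is shown with a sender that tells different parties different values and backs each story with its own ECHO and READY messages.

```python
from collections import defaultdict, deque


class Party:
    """Honest participant in Bracha's reliable broadcast for one sender's message."""

    def __init__(self, pid, n, t, sender):
        self.pid, self.n, self.t, self.sender = pid, n, t, sender
        self.echoed = self.readied = False
        self.delivered = None
        self.echos = defaultdict(set)     # value -> ids that sent ECHO for it
        self.readys = defaultdict(set)    # value -> ids that sent READY for it

    def receive(self, kind, frm, value, net):
        if self.delivered is not None:
            return
        if kind == "SEND" and frm == self.sender and not self.echoed:
            self.echoed = True
            net.broadcast(self.pid, "ECHO", value)
        elif kind == "ECHO":
            self.echos[value].add(frm)
            # more than (n+t)/2 ECHOs: honest parties echo once, so two different
            # values can never both reach this bound
            if len(self.echos[value]) > (self.n + self.t) / 2 and not self.readied:
                self.readied = True
                net.broadcast(self.pid, "READY", value)
        elif kind == "READY":
            self.readys[value].add(frm)
            # t+1 READYs must include an honest party, so amplifying is safe
            if len(self.readys[value]) > self.t and not self.readied:
                self.readied = True
                net.broadcast(self.pid, "READY", value)
            # 2t+1 READYs guarantee every honest party eventually sees t+1 of them
            if len(self.readys[value]) > 2 * self.t:
                self.delivered = value


class Network:
    """FIFO queue standing in for the asynchronous network (constructed for this example)."""

    def __init__(self, parties, faulty):
        self.parties, self.faulty, self.queue = parties, faulty, deque()

    def send(self, frm, to, kind, value):
        self.queue.append((frm, to, kind, value))

    def broadcast(self, frm, kind, value):
        for pid in self.parties:
            self.send(frm, pid, kind, value)

    def run(self):
        while self.queue:
            frm, to, kind, value = self.queue.popleft()
            if to not in self.faulty:            # faulty parties are scripted, not simulated
                self.parties[to].receive(kind, frm, value, self)
        return {pid: p.delivered for pid, p in self.parties.items() if pid not in self.faulty}


def run_honest_sender(n=4, t=1, value="A"):
    """Validity: an honest sender's value is delivered by every honest party."""
    parties = {i: Party(i, n, t, sender=0) for i in range(n)}
    net = Network(parties, faulty=set())
    net.broadcast(0, "SEND", value)
    return net.run()


def run_equivocating_sender(n=4, t=1):
    """Consistency: the Byzantine sender (party 0) tells parties 1 and 3 "A" but
    party 2 "B", and supports each lie with matching ECHO/READY messages.
    Honest parties still deliver one and the same value."""
    parties = {i: Party(i, n, t, sender=0) for i in range(n)}
    net = Network(parties, faulty={0})
    for pid, v in {1: "A", 2: "B", 3: "A"}.items():
        for kind in ("SEND", "ECHO", "READY"):
            net.send(0, pid, kind, v)
    return net.run()


if __name__ == "__main__":
    print("honest sender:      ", run_honest_sender())
    print("equivocating sender:", run_equivocating_sender())
```

With n = 4 and t = 1 the value "B" can collect at most two ECHOs (party 2 and the faulty sender), short of the required three, so no honest party ever sends READY for it; the bound t < n/3 is exactly what makes the ECHO and READY thresholds consistent with each other. The simulation has no timeouts at all, which is the one place where the real deployment over CADET differs: there, a message that never arrives eventually surfaces as a timeout error on STDERR.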
dkg-encrypt encrypts a text message for a given public key in
OpenPGP format. It uses AES256 as symmetric cipher and ElGamal as public-key algorithm,
so an equivalent ciphertext can also be produced by any OpenPGP-compatible implementation.
Conversely, a corresponding threshold decryption protocol (see Ronald Cramer,
Rosario Gennaro, and Berry Schoenmakers: A Secure and Optimally Efficient
Multi-Authority Election Scheme, Advances in Cryptology – EUROCRYPT ’97, LNCS 1233,
pp. 103–118, Springer 1997) has been implemented in the program
dkg-decrypt. It provides
an interactive and a non-interactive mode for computing, verifying, and
combining the required decryption shares; a ciphertext can only be decrypted once
at least a threshold of the key holders contribute valid shares.
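The following added example (written for this page, not taken from LibTMCG) shows in Python the two building blocks described above: a Feldman-VSS based distributed key generation in the style of Pedersen, which is the protocol Gennaro et al. refine, and the threshold ElGamal decryption of Cramer, Gennaro and Schoenmakers with Chaum-Pedersen proofs that let everyone verify a decryption share before it is combined. The toy group (p = 10007), the party count n = 5 with threshold t = 2, the seeded RNG and the misbehaving party 3 are assumptions for the illustration; the real tools use OpenPGP-sized parameters and libgcrypt randomness.

```python
import random
from hashlib import sha256

# Toy safe-prime group p = 2q + 1, chosen for this example only; far too small for real use.
P, Q, G = 10007, 5003, 4          # G = 2^2 is a quadratic residue, hence of prime order Q
assert pow(G, Q, P) == 1

rng = random.Random(2024)         # seeded only for reproducibility; real code needs strong randomness


def poly_eval(coeffs, x):
    """Evaluate f(x) = a0 + a1 x + ... + at x^t over Z_q."""
    return sum(a * pow(x, k, Q) for k, a in enumerate(coeffs)) % Q


def feldman_check(commits, j):
    """Public value g^{f(j)} derived from a dealer's commitments C_k = g^{a_k}."""
    acc = 1
    for k, c in enumerate(commits):
        acc = acc * pow(c, pow(j, k, Q), P) % P
    return acc


def dkg(n, t):
    """Feldman-VSS based DKG (Pedersen's joint protocol): every party deals a degree-t
    polynomial and each party's key share is the sum of the sub-shares it received.
    Gennaro et al. add a Pedersen-commitment round that removes the bias a rushing
    adversary can put on the public key; that refinement is omitted in this example."""
    polys = {i: [rng.randrange(1, Q) for _ in range(t + 1)] for i in range(1, n + 1)}
    commits = {i: [pow(G, a, P) for a in polys[i]] for i in polys}       # broadcast
    x, vk = {}, {}
    for j in range(1, n + 1):
        x[j], vk[j] = 0, 1
        for i in range(1, n + 1):
            s_ij = poly_eval(polys[i], j)                # sent from i to j over a private channel
            pub = feldman_check(commits[i], j)
            if pow(G, s_ij, P) != pub:
                raise ValueError(f"dealer {i} sent party {j} an inconsistent share")  # -> complaint
            x[j] = (x[j] + s_ij) % Q
            vk[j] = vk[j] * pub % P                      # public verification key g^{x_j}
    y = 1
    for i in commits:
        y = y * commits[i][0] % P                        # y = g^x with x = sum of all a_{i0}
    return y, x, vk


def encrypt(y, m):
    """Plain ElGamal on a subgroup element (the wrapped session key in a hybrid scheme)."""
    r = rng.randrange(1, Q)
    return pow(G, r, P), m * pow(y, r, P) % P


def challenge(*vals):
    return int.from_bytes(sha256(",".join(map(str, vals)).encode()).digest(), "big") % Q


def decryption_share(x_j, c1):
    """d_j = c1^{x_j} plus a Chaum-Pedersen proof that log_g(g^{x_j}) = log_{c1}(d_j)."""
    d = pow(c1, x_j, P)
    w = rng.randrange(1, Q)
    a1, a2 = pow(G, w, P), pow(c1, w, P)
    e = challenge(G, pow(G, x_j, P), c1, d, a1, a2)
    return d, (e, (w + e * x_j) % Q)


def verify_share(vk_j, c1, d, proof):
    e, z = proof
    a1 = pow(G, z, P) * pow(vk_j, -e, P) % P            # negative exponents need Python 3.8+
    a2 = pow(c1, z, P) * pow(d, -e, P) % P
    return e == challenge(G, vk_j, c1, d, a1, a2)


def combine(good, c1, c2, t):
    """Lagrange-interpolate c1^x in the exponent from t+1 verified shares, then strip it off."""
    ids = sorted(good)[:t + 1]
    c1x = 1
    for j in ids:
        lam = 1
        for l in ids:
            if l != j:
                lam = lam * l * pow((l - j) % Q, -1, Q) % Q
        c1x = c1x * pow(good[j], lam, P) % P
    return c2 * pow(c1x, -1, P) % P


def demo(n=5, t=2, cheater=3):
    """Run DKG, encrypt, let one party publish a bogus share, and decrypt from the rest."""
    y, x, vk = dkg(n, t)
    m = pow(G, 777, P)                # a subgroup element standing in for the session key
    c1, c2 = encrypt(y, m)
    good, rejected = {}, []
    for j in range(1, n + 1):
        d, proof = decryption_share(x[j], c1)
        if j == cheater:
            d = d * G % P             # the cheater keeps its proof but alters the share
        if verify_share(vk[j], c1, d, proof):
            good[j] = d
        else:
            rejected.append(j)
    return {"recovered": combine(good, c1, c2, t) == m, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The verification keys g^{x_j} are derived purely from the broadcast commitments, so any party (or an outside auditor) can check a decryption share without holding a key share itself; that is what allows the non-interactive mode to collect shares from a file and combine only the valid ones.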
dkg-sign creates a detached signature on a binary file under a
shared DSA/DSS key, once a threshold of the parties cooperate in an interactive
signing protocol. Such a detached signature can be verified with any OpenPGP-compatible
implementation. This distributes the power of code signing without splitting the
secret key (e.g. with libgfshare) and without laborious reconstruction ceremonies: the
private key is never reassembled on a single machine.
Please note that for building
dkg-sign and the interactive
dkg-decrypt the development files of a very recent GNUnet version
(at least v0.11.x, which at the time of writing has not yet been released) must be
present at configure and compile time of LibTMCG. As an alternative to
GNUnet, a built-in TCP/IP based service for message exchange is included.
The current implementation is in an experimental state and should not be used in production environments. Motivation, cryptographic background and some usage scenarios were presented recently at the 26th Krypto-Tag. Please consult the slides for a first overview.
Please report any bugs to the maintainer of LibTMCG. Any help with development or testing of these tools is very welcome!