Adaptively-Secure Distributed Public-Key Systems
28 September 2002
When attacking a distributed protocol, an adaptive adversary is able to decide its actions (e.g., which parties to corrupt) at any time based on its entire view of the protocol, including the entire communication history. In this paper, we consider how to construct "distributed public-key systems" which are secure against an adaptive adversary. These systems generally include a large set of important protocols and are designed to provide efficient mechanisms for a multitude of parties to control and jointly operate cryptographic capabilities. In the last few years, various notions of distributed public-key systems have been developed, namely: (1) function-sharing systems, (2) proactive systems, and (3) distributed key generation systems. To construct these systems, many techniques have been developed for public keys drawn from a publicly-known group structure (discrete-log based), and even more involved techniques have been developed for keys drawn from a publicly-hidden group structure (RSA and similar functions).