Distributed Key Generation for SM9-Based Systems

Identity-Based Cryptography (IBC) is a useful tool for the security of IoT devices, but securely deploying this cryptographic technique to the IoT systems is quite challenging. For instance, a leakage of the master secret key will result in the leakage of all IoT devices’ private keys. SM9 is the only approved IBC algorithm standard in China. It is critical to have mechanisms to protect the SM9 master secret keys. In this work, to reduce the risk of the master secret key leakage, we propose a (t, n)-threshold distributed private key generation scheme for SM9 with some techniques from multiparty computation. Our scheme is compatible with all the three SM9 sub-algorithms (i.e., the encryption, signature and key agreement). It is also provably secure and completely eliminates the single point of failures in SM9 that is concerned by the industry. The experimental analysis indicates that the proposed scheme is efficient, e.g., up to 1 million private key generation requests can be handled per day.