arxiv: 2602.22187 · v3 · submitted 2026-02-25 · 💻 cs.CR

UC-Secure Star DKG for Non-Exportable Key Shares with VSS-Free Enforcement

Pith reviewed 2026-05-15 19:16 UTC · model grok-4.3

classification 💻 cs.CR
keywords: distributed key generation · UC security · non-exportable keys · threshold cryptography · hardware isolation · NIZK proofs · star access structure · VSS-free

The pith

SDKG UC-realizes a transcript-driven refinement of standard UC-DKG for non-exportable key shares using hardware KeyBoxes and straight-line NIZKs.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper presents Star DKG (SDKG), a distributed key generation protocol for multi-device threshold wallets with a star access structure in which a designated service must co-sign but cannot sign alone. It achieves UC security in the F_KeyBox-hybrid and gRO-CRP models by delegating confidentiality to hardware isolation and using Unique Structure Verification plus Fischlin-based NIZKs to enforce affine consistency and uniqueness without exporting shares or relying on VSS. A sympathetic reader would care because the construction respects hardware boundaries that rule out rewinding and supports adaptive corruptions with secure erasures while realizing a refined UC-DKG functionality. The work focuses enforcement on transcript-driven properties through public certificates whose corresponding scalars stay inside the KeyBox.

Core claim

In the F_KeyBox-hybrid and gRO-CRP models, under the discrete logarithm and decisional Diffie-Hellman assumptions with adaptive corruptions and secure erasures, the SDKG protocol UC-realizes a transcript-driven refinement of the standard UC-DKG functionality. It combines KeyBox confidentiality, Unique Structure Verification for non-exported scalars, and UC-extractable NIZK arguments to ensure secrecy, uniqueness, and affine consistency for 1+1-out-of-n star structures over primary and recovery roles.

What carries the argument

Unique Structure Verification (USV), a publicly verifiable certificate whose certified scalar remains inside the KeyBox while its public group element is derivable from the transcript, paired with Fischlin-based NIZK arguments of knowledge in the gRO-CRP model to deliver straight-line UC-extractability.
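To make the star structure and the non-export boundary concrete, here is an added, self-contained illustration; it is not the paper's SDKG code and makes several simplifying assumptions. A `KeyBox` object holds every scalar and only ever returns public group elements, proofs of knowledge and partial signatures; recovery-role registration is modelled as the primary box sealing its scalar straight into a second box (a direct object copy standing in for attested KeyBox-to-KeyBox sealing); the common public key is the product of the center's and the leaf's public elements, so the transcript check `affine_consistent` is the kind of public consistency condition a USV certificate is meant to enforce; and a plain Fiat-Shamir Schnorr proof stands in for the Fischlin-based NIZK (it is not straight-line extractable, which is precisely the property the paper needs the Fischlin transform for). The 63-bit group, the session id `sid-42` and the message are constructed for the example.

```python
"""Toy 1+1-out-of-n star structure with non-exportable shares (constructed
illustration, not the paper's SDKG): KeyBox never returns a scalar, sealing is
a direct object copy, and Fiat-Shamir Schnorr stands in for the Fischlin NIZK."""
import hashlib
import secrets


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with the first 12 prime bases (deterministic below 3e23)."""
    if n < 2:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n == a:
            return True
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        if not any((x := x * x % n) == n - 1 for _ in range(r - 1)):
            return False
    return True


# Constructed toy group: smallest safe prime P = 2Q + 1 with Q above 2^62.
Q = (1 << 62) | 1
while not (is_probable_prime(Q) and is_probable_prime(2 * Q + 1)):
    Q += 2
P, G = 2 * Q + 1, 4  # 4 is a quadratic residue, so it generates the order-Q subgroup


def h(*parts) -> int:
    """Domain-separated hash into Z_Q, the toy stand-in for the random oracle."""
    enc = b"|".join(x if isinstance(x, bytes) else str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(enc).digest(), "big") % Q


class KeyBox:
    """Scalars enter via generate() or a sealed import and are never returned."""

    def __init__(self) -> None:
        self._share = None  # long-term scalar
        self._nonce = None  # one-shot signing nonce, erased after use

    def generate(self) -> int:
        self._share = secrets.randbelow(Q - 1) + 1
        return pow(G, self._share, P)  # only the public element leaves the box

    def seal_to_peer(self, peer: "KeyBox") -> int:
        peer._share = self._share  # models attested KeyBox-to-KeyBox sealing
        return pow(G, peer._share, P)

    def prove_knowledge(self, ctx: bytes) -> tuple[int, int]:
        """Schnorr proof of knowledge of this box's scalar, bound to ctx."""
        r = secrets.randbelow(Q - 1) + 1
        a = pow(G, r, P)
        return a, (r + h(b"pok", ctx, pow(G, self._share, P), a) * self._share) % Q

    def nonce_commit(self) -> int:
        self._nonce = secrets.randbelow(Q - 1) + 1
        return pow(G, self._nonce, P)

    def partial_sign(self, r_total: int, x_pub: int, msg: bytes) -> int:
        """Additive Schnorr share k + e*x; the nonce is erased afterwards."""
        if self._nonce is None:
            raise RuntimeError("nonce_commit() must precede partial_sign()")
        s = (self._nonce + h(b"sig", r_total, x_pub, msg) * self._share) % Q
        self._nonce = None  # secure erasure: a nonce is never reused
        return s


def verify_pok(ctx: bytes, pub: int, proof: tuple[int, int]) -> bool:
    a, z = proof
    return pow(G, z, P) == a * pow(pub, h(b"pok", ctx, pub, a), P) % P


def affine_consistent(x_pub: int, center_pub: int, leaf_pubs: dict) -> bool:
    """Transcript check: the center element times every leaf element is X."""
    return all(center_pub * t % P == x_pub for t in leaf_pubs.values())


def cosign(center: KeyBox, leaf: KeyBox, x_pub: int, msg: bytes) -> tuple[int, int]:
    """Center plus any one leaf yield an ordinary Schnorr signature under X."""
    r_total = center.nonce_commit() * leaf.nonce_commit() % P
    s = center.partial_sign(r_total, x_pub, msg) + leaf.partial_sign(r_total, x_pub, msg)
    return r_total, s % Q


def verify_sig(x_pub: int, msg: bytes, sig: tuple[int, int]) -> bool:
    r_total, s = sig
    return pow(G, s, P) == r_total * pow(x_pub, h(b"sig", r_total, x_pub, msg), P) % P


def demo() -> dict:
    """Register a primary and a recovery leaf, check the transcript, co-sign."""
    center, primary, recovery = KeyBox(), KeyBox(), KeyBox()
    ctx, msg = b"sid-42", b"spend 1 coin"  # constructed session id and message
    center_pub, primary_pub = center.generate(), primary.generate()
    leaf_pubs = {"primary": primary_pub, "recovery": primary.seal_to_peer(recovery)}
    x_pub = center_pub * primary_pub % P  # the common public key, read off the transcript
    parties = [(center, center_pub), (primary, primary_pub), (recovery, leaf_pubs["recovery"])]
    r_alone = center.nonce_commit()  # the designated service with no leaf share
    alone = verify_sig(x_pub, msg, (r_alone, center.partial_sign(r_alone, x_pub, msg)))
    return {
        "consistent": affine_consistent(x_pub, center_pub, leaf_pubs),
        "pok_ok": all(verify_pok(ctx, pub, box.prove_knowledge(ctx)) for box, pub in parties),
        "sig_primary": verify_sig(x_pub, msg, cosign(center, primary, x_pub, msg)),
        "sig_recovery": verify_sig(x_pub, msg, cosign(center, recovery, x_pub, msg)),
        "center_alone": alone,
    }
```

Calling `demo()` returns `consistent`, `pok_ok`, `sig_primary` and `sig_recovery` as true and `center_alone` as false: the service co-signs with either the primary or the recovery device, but its own partial signature never verifies under the common key. What the model deliberately collapses is exactly what the paper's security statement hinges on: here the "boundary" is a Python attribute and the sealing step has no attestation, whereas in the paper confidentiality of the scalars is delegated to the F_KeyBox functionality and the hardware that is assumed to realize it.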

If this is right

  • SDKG supports role-based device registration for primary and recovery roles in 1+1-out-of-n star threshold wallets.
  • The protocol incurs Õ(n log p) communication overhead over a prime-order group of size p.
  • Computation cost is Õ(n log^{2.585} p) bit operations.
  • It handles adaptive corruptions and secure erasures while realizing the refined UC-DKG functionality without share export or resharing.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The VSS-free design could extend to other hardware-isolated threshold protocols that already rely on TEE or HSM boundaries for confidentiality.
  • Real-world deployment would require checking that side-channel leakage does not violate the KeyBox isolation assumed in the model.
  • Similar straight-line techniques might apply to UC-secure MPC constructions that combine global random oracles with hardware modules.
  • The star structure lends itself to service-assisted key recovery flows in consumer multi-device wallets.

Load-bearing premise

The ideal F_KeyBox functionality accurately captures the isolation boundaries of real hardware such as TEEs and HSMs, and Fischlin-based NIZKs in the gRO-CRP model deliver straight-line UC-extractability without rewinding.

What would settle it

A concrete attack that extracts a secret scalar from a simulated KeyBox execution or forges a USV certificate producing an affine-inconsistent public key transcript that violates the UC simulation in the F_KeyBox-hybrid model.

Figures

Figures reproduced from arXiv: 2602.22187 by Vipin Singh Sehrawat.

Figure 1. Ideal authenticated, length-leaking secure channel.
Figure 2. Ideal authenticated public broadcast F_pub (adversary-visible, adversary-scheduled).
Figure 3. Per-party KeyBox functionality F_KeyBox^(P_own) for an NXK KeyBox with KeyBox-to-KeyBox sealing.
Figure 4. Global setup functionality G_gRO-CRP implementing gRO-CRP.
Figure 5. Two-party USV certificate functionality F_USV with gRO-CRP receipt binding and verified openings.
Figure 6. LinOS-Fischlin API with profile-fixed parameters.
Figure 7. Key-independent leaf routine for hardened/minimal NXK deployments of SDKG.
Figure 8. Transcript-driven ideal functionality F_SDKG.
Figure 9. Transcript-driven ideal functionality F_SDKG^(n).
Original abstract

Distributed Key Generation (DKG) lets parties derive a common public key while keeping the signing key secret-shared. UC-secure DKG requires a verifiable-sharing enforcement layer -- classically satisfied via Verifiable Secret Sharing (VSS) and/or commitment-and-proof mechanisms -- for secrecy, uniqueness, and affine consistency. We target the Non-eXportable Key (NXK) setting enforced by hardware-backed key-isolation modules (e.g., TEEs, HSM-like APIs), formalized via an ideal KeyBox (keystore) functionality $\mathcal{F}_{KeyBox}$ that keeps shares non-exportable and permits only attested KeyBox-to-KeyBox sealing. With confidentiality delegated to the NXK boundary, the remaining challenge is enforcing transcript-defined affine consistency without exporting or resharing shares. State continuity rules out rewinding-based extraction, mandating straight-line techniques. We combine (i) KeyBox confidentiality; (ii) Unique Structure Verification (USV), a publicly verifiable certificate whose certified scalar never leaves the KeyBox yet whose public group element is transcript-derivable; and (iii) Fischlin-based UC-extractable NIZK arguments of knowledge in a gRO-CRP (global Random Oracle with Context-Restricted Programmability) model. We construct Star DKG (SDKG), a UC-secure scheme for multi-device threshold wallets where a designated service must co-sign but cannot sign alone, realizing a 1+1-out-of-$n$ star access structure (center plus any leaf) over roles (primary vs. recovery) with role-based device registration. In the $\mathcal{F}_{KeyBox}$-hybrid and gRO-CRP models, under DL and DDH assumptions with adaptive corruptions and secure erasures, SDKG UC-realizes a transcript-driven refinement of the standard UC-DKG functionality. Over a prime-order group of size $p$, SDKG incurs $\widetilde{O}(n\log p)$ communication overhead and $\widetilde{O}(n\log^{2.585}p)$ bit-operation cost.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper constructs Star DKG (SDKG), a UC-secure distributed key generation protocol for non-exportable key shares under a 1+1-out-of-n star access structure. It delegates confidentiality to an ideal F_KeyBox hardware functionality, enforces transcript-defined affine consistency via Unique Structure Verification (USV) certificates whose scalars remain inside the KeyBox, and uses Fischlin-based NIZK arguments of knowledge in the gRO-CRP model. The central claim is that, in the F_KeyBox-hybrid world under DL and DDH with adaptive corruptions and secure erasures, SDKG UC-realizes a transcript-driven refinement of the standard UC-DKG functionality, with communication cost Õ(n log p) and bit-operation cost Õ(n log^{2.585} p).

Significance. If the UC-realization holds, the result would be significant for hardware-isolated threshold wallets: it removes the need for VSS while preserving UC security and non-exportability, supplies concrete asymptotic costs, and introduces USV as a lightweight consistency mechanism. The combination of ideal hardware modeling with straight-line extractable NIZKs in gRO-CRP is a non-trivial technical contribution that could influence future designs of role-based multi-device key management.

major comments (2)
  1. [§5] §5 (UC Security Proof): The simulator argument for adaptive corruptions and state-continuous parties rests on straight-line extractability of the Fischlin NIZK for the USV certificate in the gRO-CRP model, yet the proof sketch does not exhibit an explicit reduction showing that extraction succeeds without rewinding or that the gRO-CRP programmability suffices to simulate the transcript-defined consistency check; this is load-bearing for the UC-realization claim.
  2. [§3.2] §3.2 (Definition of F_KeyBox): The ideal functionality encodes perfect non-exportability and attested sealing, but the hybrid argument does not address how the simulation would fail under realistic side-channel leakage or attestation forgery; because confidentiality is entirely delegated to this boundary, any gap between F_KeyBox and actual TEE/HSM behavior directly undermines the secrecy part of the UC-DKG functionality.
minor comments (2)
  1. [Abstract] The abstract states the communication overhead as Õ(n log p) but does not clarify whether this counts group elements or bits; adding a short table comparing SDKG to prior VSS-based DKGs would improve readability.
  2. [§2] Notation for the star access structure (center plus any leaf) is introduced without an explicit diagram; a small figure in §2 would help readers track the primary/recovery role distinction.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the detailed and constructive feedback. We address the major comments point by point below, clarifying the technical arguments and indicating planned revisions where appropriate.

Point-by-point responses
  1. Referee: [§5] §5 (UC Security Proof): The simulator argument for adaptive corruptions and state-continuous parties rests on straight-line extractability of the Fischlin NIZK for the USV certificate in the gRO-CRP model, yet the proof sketch does not exhibit an explicit reduction showing that extraction succeeds without rewinding or that the gRO-CRP programmability suffices to simulate the transcript-defined consistency check; this is load-bearing for the UC-realization claim.

    Authors: We agree that the proof sketch in §5 is concise and would benefit from greater explicitness. The simulator in the full proof uses the straight-line extractability of the Fischlin NIZK (which holds in the gRO-CRP model by the results of Fischlin et al.) together with context-restricted programmability to extract the USV witness directly from the adversary's messages without rewinding. The gRO-CRP allows the simulator to program the oracle on the specific context of the USV statement (derived from the transcript) to obtain the discrete-log witness while preserving indistinguishability for the environment. In the revised version we will expand §5 with an explicit reduction game sequence showing how extraction succeeds for the transcript-defined consistency check under adaptive corruptions and secure erasures. revision: yes

  2. Referee: [§3.2] §3.2 (Definition of F_KeyBox): The ideal functionality encodes perfect non-exportability and attested sealing, but the hybrid argument does not address how the simulation would fail under realistic side-channel leakage or attestation forgery; because confidentiality is entirely delegated to this boundary, any gap between F_KeyBox and actual TEE/HSM behavior directly undermines the secrecy part of the UC-DKG functionality.

    Authors: F_KeyBox is introduced as an ideal functionality that captures the intended security guarantees of hardware key isolation (non-exportability and attested sealing). The UC security statement is explicitly in the F_KeyBox-hybrid model; we do not claim that the protocol remains secure when the underlying hardware deviates from the ideal behavior via side-channel leakage or attestation forgery. Modeling such deviations would require a more refined functionality or a concrete security analysis against specific attacks, both of which are outside the scope of this work. The hybrid argument therefore holds under the stated modeling assumptions, which is standard for hardware-assisted cryptographic protocols. revision: no

Circularity Check

0 steps flagged

No circularity; security reduces to DL/DDH assumptions and ideal F_KeyBox functionality

full rationale

The paper defines SDKG in the F_KeyBox-hybrid model and proves UC-realization of a transcript-driven DKG functionality under standard DL and DDH assumptions in the gRO-CRP model with adaptive corruptions. The derivation uses external hardness assumptions and the properties of the ideal KeyBox functionality for non-exportability, combined with Fischlin NIZKs for straight-line extractability; none of these reduce by construction to the paper's own outputs or fitted parameters. No self-definitional loops, load-bearing self-citations, or renamed empirical patterns appear in the provided derivation chain.

Axiom & Free-Parameter Ledger

0 free parameters · 3 axioms · 3 invented entities

The central claim rests on standard cryptographic hardness assumptions and newly introduced ideal functionalities and primitives defined within the paper.

axioms (3)
  • domain assumption · The Discrete Logarithm problem is hard in the prime-order group
    Invoked for the security reduction of the DKG scheme.
  • domain assumption · The Decisional Diffie-Hellman assumption holds
    Basis for the UC security proof under adaptive corruptions.
  • domain assumption · Secure erasures are available
    Required to achieve adaptive security in the UC model.
invented entities (3)
  • F_KeyBox ideal functionality · no independent evidence
    purpose: Models hardware-backed non-exportable key isolation with attested sealing
    Central modeling assumption for the NXK setting; no independent evidence provided beyond the ideal functionality definition.
  • Unique Structure Verification (USV) · no independent evidence
    purpose: Provides a publicly verifiable certificate for affine consistency without exporting shares
    New primitive introduced to replace VSS; defined and used within the paper.
  • gRO-CRP model · no independent evidence
    purpose: Global random oracle with context-restricted programmability for UC-extractable NIZKs
    Model chosen to enable straight-line extraction; standard but specialized variant.

pith-pipeline@v0.9.0 · 5674 in / 1573 out tokens · 28671 ms · 2026-05-15T19:16:31.439572+00:00 · methodology



Reference graph

Works this paper leans on

72 extracted references · 72 canonical work pages

  1. Amazon Web Services: AWS Key Management Service API Reference: GetPublicKey. https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html, accessed 2026-02-17

  2. Babai, L., Moran, S.: Arthur-Merlin games: A randomized proof system, and a hierarchy of complexity classes. Journal of Computer and System Sciences 36(2), 254–276 (1988)

  3. Bacho, R., Kavousi, A.: SoK: Dlog-Based Distributed Key Generation. In: IEEE S&P. pp. 614–632 (2025)

  4. Battagliola, M., Longo, R., Meneghetti, A., Sala, M.: Threshold ECDSA with an offline recovery party. Mediterranean Journal of Mathematics 19(4) (2022)

  5. Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: ACM CCS. pp. 390–399 (2006)

  6. Blum, M.: Coin flipping by telephone: a protocol for solving impossible problems. ACM SIGACT News 15(1), 23–27 (1983)

  7. Boneh, D., Ding, X., Tsudik, G.: Fine-grained control of security capabilities. ACM Transactions on Internet Technology 4(1), 60–82 (2004)

  8. Boneh, D., Ding, X., Tsudik, G., Wong, C.M.: A method for fast revocation of public key certificates and security capabilities. In: USENIX Security. pp. 297–308 (2001)

  9. Bortolozzo, M., Centenaro, M., Focardi, R., Steel, G.: Attacking and fixing PKCS#11 security tokens. In: ACM CCS. pp. 260–269 (2010)

  10. Cachin, C., Kursawe, K., Lysyanskaya, A., Strobl, R.: Asynchronous verifiable secret sharing and proactive cryptosystems. In: ACM CCS. pp. 88–97 (2002)

  11. Camenisch, J., Drijvers, M., Gagliardoni, T., Lehmann, A., Neven, G.: The wonderful world of global random oracles. In: EUROCRYPT. pp. 280–312 (2018)

  12. Camenisch, J., Drijvers, M., Lehmann, A.: Universally composable direct anonymous attestation. In: PKC. pp. 234–264 (2016)

  13. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: FOCS. pp. 136–145 (2001)

  14. Canetti, R., Dodis, Y., Pass, R., Walfish, S.: Universally composable security with global setup. In: TCC. pp. 61–85 (2007)

  15. Canetti, R., Gennaro, R., Goldfeder, S., Makriyannis, N., Peled, U.: UC non-interactive, proactive, threshold ECDSA with identifiable aborts. Cryptology ePrint Archive, Report 2021/060 (2021), full version of the CCS'20 paper

  16. Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Resettable zero-knowledge. In: STOC. pp. 235–244 (2000)

  17. Canetti, R., Jain, A., Scafuro, A.: Practical UC security with a global random oracle. In: ACM CCS. pp. 597–608 (2014)

  18. Canetti, R., Rabin, T.: Universal composition with joint state. In: CRYPTO. pp. 265–281 (2003)

  19. Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: CRYPTO. pp. 89–105 (1992)

  20. Chen, Y.H., Lindell, Y.: Optimizing and implementing Fischlin's transform for UC-secure zero-knowledge. IACR CiC 1(2) (2024)

  21. Chor, B., Goldwasser, S., Micali, S., Awerbuch, B.: Verifiable secret sharing and achieving simultaneity in the presence of faults. In: FOCS. pp. 383–395 (1985)

  22. Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: STOC. pp. 364–369 (1986)

  23. Desmedt, Y.: Society and group oriented cryptography: A new concept. In: CRYPTO. pp. 120–127 (1987)

  24. Desmedt, Y., Frankel, Y.: Threshold cryptosystems. In: CRYPTO. pp. 307–315 (1989)

  25. Ding, X., Mazzocchi, D., Tsudik, G.: Experimenting with server-aided signatures. In: NDSS (2002)

  26. Doerner, J., Kondi, Y., Lee, E., Shelat, A.: Threshold ECDSA in Three Rounds. In: IEEE S&P. pp. 3053–3071 (2024)

  27. Doerner, J., Kondi, Y., Rosenbloom, L.N.: Sometimes you can't distribute random-oracle-based proofs. In: CRYPTO. pp. 323–358 (2024)

  28. Faz-Hernandez, A., Scott, S., Sullivan, N., Wahby, R.S., Wood, C.A.: RFC 9380: Hashing to elliptic curves (August 2023), https://www.rfc-editor.org/rfc/rfc9380.html, IRTF, Informational

  29. Feldman, P.: A practical scheme for non-interactive verifiable secret sharing. In: FOCS. pp. 427–438 (1987)

  30. Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: CRYPTO. pp. 186–194 (1986)

  31. Fischlin, M.: Communication-efficient non-interactive proofs of knowledge with online extractors. In: CRYPTO. pp. 152–168 (2005)

  32. Friedman, O., Marmor, A., Mutzari, D., Sadika, O., Scaly, Y.C., Spiizer, Y., Yanai, A.: 2PC-MPC: Emulating two party ECDSA in large-scale MPC. Cryptology ePrint Archive, Paper 2024/253 (2024)

  33. Friedman, O., Marmor, A., Mutzari, D., Scaly, Y.C., Spiizer, Y.: Practical zero-trust threshold signatures in large-scale dynamic asynchronous networks. Cryptology ePrint Archive, Report 2025/297 (2025)

  34. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. Journal of Cryptology 20, 51–83 (2007)

  35. Goldreich, O., Micali, S., Wigderson, A.: How to play ANY mental game. In: STOC. pp. 218–229 (1987)

  36. Google Cloud: Cloud Key Management Service roles and permissions. https://docs.cloud.google.com/iam/docs/roles-permissions/cloudkms, accessed 2026-02-17

  37. Groth, J., Ostrovsky, R., Sahai, A.: Perfect non-interactive zero knowledge for NP. In: EUROCRYPT. pp. 339–358 (2006)

  38. Groth, J., Ostrovsky, R., Sahai, A.: New techniques for noninteractive zero-knowledge. Journal of the ACM 59(3), 11:1–11:35 (2012)

  39. Josefsson, S., Liusvaara, I.: Edwards-Curve Digital Signature Algorithm (EdDSA). RFC 8032 (Jan 2017), https://www.rfc-editor.org/rfc/rfc8032

  40. Karatsuba, A., Ofman, Y.: Multiplication of multidigit numbers on automata. Soviet Physics - Doklady 7, 595–596 (1963)

  41. Katz, J.: Round-optimal, fully secure distributed key generation. In: CRYPTO. pp. 285–316 (2024)

  42. Kelsey, J., Brandão, L.T.A.N., Peralta, R., Booth, H.: A reference for randomness beacons. Tech. Rep. NISTIR 8213 (2019)

  43. Komlo, C., Goldberg, I., Stebila, D.: A formal treatment of distributed key generation, and new constructions. Cryptology ePrint Archive, Report 2023/292 (2023)

  44. Küsters, R., Tuengerthal, M.: Universally composable symmetric encryption. In: IEEE Computer Security Foundations Symposium. pp. 293–307 (2009)

  45. Lindell, Y.: Simple three-round multiparty Schnorr signing with full simulatability. Communications in Cryptology 1(1), 1–49 (2024)

  46. Lindell, Y., Nof, A.: Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody. In: ACM CCS. pp. 1837–1854 (2018)

  47. Lueks, W., Hampiholi, B., Alpár, G., Troncoso, C.: Tandem: Securing keys by using a central server while preserving privacy. In: PETs. pp. 327–355 (2020)

  48. Lysyanskaya, A., Rosenbloom, L.N.: Universally composable σ-protocols in the global random-oracle model. In: TCC. pp. 203–233 (2022)

  49. Lysyanskaya, A., Rosenbloom, L.N.: Adaptive UC NIZK for practical applications. In: LATINCRYPT. pp. 76–108 (2025)

  50. Martinico, L.: Trusted Execution for Private and Secure Computation: a Composable Approach. Ph.D. thesis, University of Edinburgh (2025)

  51. Martinico, L., Kohlweiss, M.: AGATE: Augmented Global Attested Trusted Execution in the Universal Composability Framework. In: IEEE Computer Security Foundations Symposium (CSF). pp. 49–64 (2025)

  52. Microsoft: Key types, algorithms, and operations — Azure Key Vault. https://learn.microsoft.com/en-us/azure/key-vault/keys/about-keys-details, accessed 2026-02-17

  53. Pass, R., Shi, E., Tramèr, F.: Formal abstractions for attested execution secure processors. In: EUROCRYPT. pp. 260–289 (2017)

  54. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: CRYPTO. pp. 129–140 (1991)

  55. Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: EUROCRYPT. pp. 387–398 (1996)

  56. Pornin, T.: Deterministic usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA). RFC 6979 (Aug 2013), https://www.rfc-editor.org/rfc/rfc6979

  57. Rogaway, P.: Authenticated-encryption with associated-data. In: ACM CCS. pp. 98–107 (2002)

  58. Schnorr, C.P.: Efficient identification and signatures for smart cards. In: CRYPTO. pp. 239–252 (1989)

  59. Schnorr, C.P.: Efficient signature generation by smart cards. Journal of Cryptology 4, 161–174 (1991)

  60. Shamir, A.: How to share a secret. Communications of the ACM 22, 612–613 (Nov 1979)

  61. Shepherd, C., Markantonakis, K.: Trusted Execution Environments. Springer Cham (2024)

  62. Shepherd, C., Markantonakis, K., v. Heijningen, N., Aboulkassimi, D., Gaine, C., Heckmann, T., Naccache, D.: Physical fault injection and side-channel attacks on mobile devices: A comprehensive analysis. Computers & Security 111, 102471 (2021)

  63. Snetkov, N., Vakarjuk, J., Laud, P.: Universally composable server-supported signatures for smartphones. Cryptology ePrint Archive, Report 2024/1941 (2024)

  64. Stadler, M.: Publicly verifiable secret sharing. In: International Conference on the Theory and Applications of Cryptographic Techniques. pp. 190–199 (1996)

  65. Yao, A.C.: How to generate and exchange secrets. In: FOCS. pp. 162–167 (1986)

  66. Zhang, X., Qin, K., Qu, S., Wang, T., Zhang, C., Gu, D.: Teamwork Makes TEE Work: Open and Resilient Remote Attestation on Decentralized Trust. IEEE Transactions on Dependable and Secure Computing 23(2), 3798–3813 (2026). https://doi.org/10.1109/tdsc.2025.3636884

  67. Zhang, Y., Qian, Y.: Randao: A DAO working as RNG of Ethereum (2019), https://github.com/randao/randao/

    A Programmable Secure Hardware Integration. The main construction already assumes that USV certificate generation Cert(pp,·) is executed inside the KeyBox boundary and exports only (C, ζ). This appendix describes an optional additional hardening that further ...

  68. Dedicated TEEs as restricted keystores: Implement the KeyBox as a minimal enclave exposing only Load/Use endpoints. Approximate SealToPeer by pinning recipient keys to attested identities/measurements (e.g., HPKE-style sealing), and treat rollback/fork protection as an explicit subsystem (counters / trusted time / server freshness)

  69. Attested enclave↔KMS / KMS-backed enclaves: Split "KeyBox logic" (enclave) from "policy enforcement" (KMS) so that key usage and sealing are authorized by attestation evidence and measurement-based policy, rather than host-supplied keys

  70. HSMs under a strict allowlist profile (PKCS#11-style): Use HSM non-exportability, but restrict mechanisms to a small allowlist that rules out share-deriving outputs and caller-decryptable wrap/export; if wrapping exists, constrain it to trusted/pinned recipients only (to preserve key-opacity)

  71. Endpoint hardware-backed keystores: Platform keystores often match the "NXK + restricted operations" model, but typically expose a fixed operation menu; they therefore realize only those profiles reducible to built-in operations plus pinned sealing

  72. TPM-assisted freshness/anti-rollback: Even when the KeyBox is a TEE/enclave, TPM-backed monotonic primitives can supply the freshness mechanism needed to approximate state continuity in hostile host environments. C Illustrative application: NXK-compatible commit–reveal randomness beacons. Many practical protocols — such as lotteries, ...