REALIZING INFORMATION ESCROWS AND EFFICIENT KEY-MANAGEMENT USING THRESHOLD CRYPTOGRAPHY

In this thesis, we address two applications of threshold cryptography — designing information escrows and key-distribution in cryptocurrency systems. We design escrow mechanisms in two-party and multi-party scenarios such that any unauthorized revelation of
data results in the loss of cryptocurrency by the dishonest party. Later, we discuss user mental models in adopting cryptocurrency wallets and propose a protocol to efficiently provide cryptographic keys to the users in large-user systems. An information escrow refers to users storing their data at a custodian such that it can be revealed later. In the case of unauthorized leakage of this data by the custodian (receiver of data), taking legal actions is expensive, time consuming and also difficult owing to difficulty in establishing the responsibility. We address this by automatically penalizing the custodian through the loss of cryptocurrency in case of leakage. Initially, we consider a two party scenario where a sender forwards multimedia data to a receiver; we propose the Pepal protocol
where any total or partial leakage of data penalizes the receiver. To avoid single point of failure at the receiver in a two-party system, we extend the protocol to a multi-party system where a group of agents offer the escrow as a service. However, this introduces a collusion scenario among the rational agents leading to premature and undetectable unlocking of the data. Addressing this, we propose a collusion-deterrent escrow (CDE) protocol where any collusion among the agents is penalized. We show that the provably secure protocol deters collusion in game-theoretic terms by dis-incentivising it among the rational agents. In the second part of this work, we investigate the mental models of cryptocurrency wallet users in choosing single-device or multi-device wallets along with their preferences. We investigate the user-preferred default (threshold) settings for the key distribution in the wallets. We then propose the D-KODE protocol, an efficient key-generation mechanism for
cryptocurrency systems where either the payee or payer may not have the cryptographic setup but wish to transact. The protocol utilizes a practical black-box secret sharing scheme along with a distributed almost key-homomorphic PRF to achieve the threshold key distribution.