With the support of LACNIC’s FRIDA Program, experts at NIC Chile Research Labs (University of Chile) are developing a new electronic signature system to promote widespread access to cryptographic technologies.
FRIDA awarded a US$20,000 grant to this ICT development project titled “Replacing HSMs with Software Based on Threshold Cryptography,” which seeks to allow smaller organizations to conduct secure transactions by using an information encryption system and low cost storage that will achieve or exceed the level of security provided by the hardware security modules (HSM) available on the market.
Progress made by the project was presented during the LACNIC 26 /LACNOG meeting held in Costa Rica.
Javier Bustos, director of NIC Chile Research Labs, noted that the initiative had been received with great interest.
(Free access, no subscription required)
What is the project about and what is its main goal?
The project involves the construction of an electronic signature security module (widely used, for example, in DNSSEC and financial institutions) based on the paradigm that keys are no longer stored by a single monolithic (and expensive) entity. Instead, security is achieved by distributing parts of the key.
The idea is that signing does not require every part of the key and that at least half plus one is enough. This means that the unavailability of one of the signers will not be an issue.
What is the project about and what is its main goal?
The project involves the construction of an electronic signature security module (widely used, for example, in DNSSEC and financial institutions) based on the paradigm that keys are no longer stored by a single monolithic (and expensive) entity. Instead, security is achieved by distributing parts of the key.
The idea is that signing does not require every part of the key and that at least half plus one is enough. This means that the unavailability of one of the signers will not be an issue.
What progress has the project made since receiving the FRIDA Grant?
Before the FRIDA grant, the system was simply an academic prototype. The grant allowed us to transform it into a world-class system.
Who is currently using the system? What benefits does it offer users?
The system is currently being used to sign certain DNS zones under .net (using DNSSEC). In the short term, we hope to gain visibility at least within Latin America, a goal for which the support of the FRIDA program has also been important, as it has allowed us to present our work at the LACNIC / LACNOG event held in Costa Rica.
How was the project received?
We received very positive feedback at LACNIC 26. In addition, we have been contacted by .ar and other Internet infrastructure providers interested in using the system, and they have also given us good ideas on how to provide the storage/partial signing services, as distributed security does not involve major losses if only one part is compromised.
What are the next goals for the project?
We would like the entire infrastructure and operations community to be willing and able to use the system. We are also waiting for a response to the patent application we submitted.
How would you summarize your experience with FRIDA?
We had an excellent experience. Everything was very quick and expeditious and everyone was always willing to answer all our questions.
