Technology

Our threshold cryptographic solutions are made possible through the application of multiparty computation (MPC). MPC is a cryptographic technology that allows a number of parties to compute on encrypted data, without sharing the data between parties.

The founders of Sepior have been at the frontier of R&D, implementation and commercial use of MPC for years. The Chief cryptographer in Sepior is Professor Ivan B. Damgård, winner of the prestigious RSA Award for Excellence in the Field of Mathematics in 2015 and fellow of the IACR (International Association for Cryptologic Research) since 2010. Similarly, Sepior’s Chief Technology Officer, Jakob Pagter, as well as Ivan and others on the Sepior team were members of one of the first teams to implement MPC in live business operations as part of the Danish Sugar Beet Auctions beginning in 2008.

Since those early days, Sepior has expanded the scope and optimized the performance of MPC by a factor of 1,000,000. As a result, MPC is now applicable to a far wider range of use cases.

Most recently, Sepior led the formation of the MPC Alliance, in collaboration with other innovators in the MPC space. We invite you to visit the MPC Alliance website to learn more.

Threshold cryptography using MPC can compute a particular result, such as the code used to encrypt or decrypt data by requiring just t of n shares, without having to reveal the secret shares between any of the parties. Threshold cryptography with MPC can use mathematical techniques to achieve NIST-approved algorithms such as RSA and DSA signatures, and AES enciphering and deciphering, without ever creating a conventional whole key. Eliminating the creation of a whole key on any physical or virtual machine, at any time, effectively eliminates the conventional risks of key theft from those devices.

Sepior’s implementations of threshold cryptography incorporate secret sharing, thresholds, and MPC to provide industry leading key management solutions that operate in completely virtualized environments, in concert with any physical or virtual client devices.

Secret sharing is a fundamental technique used in cryptography. It enables a secret, such as an encryption key used to sign-off or otherwise approve a transaction, to be split into multiple (n) shares which are distributed across multiple parties. This reduces the potential for a key to be stolen when one of the parties becomes compromised.

Verifiable secret sharing also enables the detection of misuse or corruption by a shareholder. The corruption of a single share could potentially affect the integrity of a recombined key. Sepior’s secret sharing model allows for the generation of a new share to replace any share, without having to create a new key and distribute new shares to all parties. This enables maximum system integrity and availability with operational simplicity.

With conventional cryptography models, all of the shares must be recombined to recreate a whole key which can then be used by for cryptographic functions. If one or more shares is unavailable, the key cannot be recreated from the partial shares and transaction approvals may become delayed or prevented. When all shares are recombined to form a whole key which is stored on a device, the key then becomes at risk to be copied or stolen.

Sepior’s threshold model provides the ability to reconstruct lost or corrupted key shares from a threshold (t) number of shares, but not from fewer than t shares. This approach protects the secrecy and the availability of the key, even if one or multiple parties with key shares become compromised, as long as fewer than n-t systems are affected. This results in increased integrity and availability of key management for increased security.

However, secrets and thresholds alone do not mitigate the risks of key theft when a whole key is recreated.