Federated Distributed Key Generation

Stanislaw Baranski, Julian Szymanski

TL;DR

This work introduces Federated Distributed Key Generation (FDKG), a two-round protocol enabling optional participation and heterogeneous trust through guardian sets, addressing limitations of classical DKG in dynamic networks. Each participant selects a guardian set and local threshold to distribute a partial secret, allowing reconstruction either directly or via guardians, with liveness and privacy characterized by the guardian topology. The authors provide a formal security analysis under standard PVSS/PKE/NIZK assumptions, plus liveness simulations under churn, and demonstrate an application to an FDKG-enabled voting protocol using threshold ElGamal and NIZK proofs. Performance evaluation highlights the trade-offs between guardian-set size, proving time, and communication, and suggests hierarchical deployments and alternative NIZK backends to improve efficiency. The work positions FDKG as a versatile primitive for robust, scalable threshold cryptography in open and time-critical settings, with future avenues including proactive resharing, adaptive adversary resistance, and transparent-setup SNARK/STARK variants.

Abstract

Distributed Key Generation (DKG) underpins threshold cryptography in many systems, including decentralized wallets, validator key ceremonies, cross-chain bridges, threshold signatures, secure multiparty computation, and internet voting. Classical $(t,n)$-DKG assumes a fixed group of $n$ parties and a global threshold $t$, requiring full and timely participation. When actual participation deviates, the setup must abort or restart, which is impractical in open or time-critical environments where $n$ is large and availability unpredictable. We introduce Federated Distributed Key Generation (FDKG), inspired by Federated Byzantine Agreement, that makes participation optional and trust heterogeneous. Each participant selects a personal guardian set $G_i$ of size $k$ and a local threshold $t$. Its partial secret can later be reconstructed either by itself or by any $t$ of its guardians. FDKG generalizes PVSS-based DKG and completes both generation and reconstruction in a single broadcast round each, with total communication proportional to $n k$ and at most $O(n^2)$ for reconstruction. Our analysis shows that (i) generation ensures correctness, privacy, and robustness under standard PVSS-based DKG assumptions, and (ii) reconstruction provides liveness and privacy characterized by the guardian-set topology $\{G_i\}$. Liveness holds if no participant $i$ is corrupted together with at least $k-t+1$ of its guardians. Conversely, privacy is preserved unless the corrupted subset is itself reconstruction-capable.
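The liveness and privacy conditions stated in the abstract can be checked for a concrete guardian topology; the following is an added example, not code from the paper or its authors. It assumes the guardian map covers exactly the participants who completed generation, that all participants use the same threshold $t$, and that "reconstruction-capable" means the corrupted set can recover every partial secret; the party names and topology are constructed.

```python
# Added example: audit a guardian-set topology {G_i} against a corrupted set.
# Party names and the topology below are constructed sample data.

def stranded_shares(guardians, corrupted, t):
    """Participants i corrupted together with >= k - t + 1 of their guardians
    (k = |G_i|): fewer than t honest holders of i's partial secret remain."""
    return sorted(i for i, g in guardians.items()
                  if i in corrupted and len(g & corrupted) >= len(g) - t + 1)

def exposed_shares(guardians, corrupted, t):
    """Partial secrets the corrupted set can recover: i itself is corrupted,
    or at least t of i's guardians are."""
    return sorted(i for i, g in guardians.items()
                  if i in corrupted or len(g & corrupted) >= t)

def liveness_holds(guardians, corrupted, t):
    # Abstract's condition: no participant is stranded.
    return not stranded_shares(guardians, corrupted, t)

def privacy_holds(guardians, corrupted, t):
    # Assumption: "reconstruction-capable" = every partial secret is exposed.
    return len(exposed_shares(guardians, corrupted, t)) < len(guardians)

# Constructed topology: n = 5 participants, k = 3 guardians each, t = 2.
GUARDIANS = {
    "P1": {"P2", "P3", "P4"},
    "P2": {"P3", "P4", "P5"},
    "P3": {"P4", "P5", "P1"},
    "P4": {"P5", "P1", "P2"},
    "P5": {"P1", "P2", "P3"},
}
T = 2

if __name__ == "__main__":
    for corrupted in ({"P1"}, {"P1", "P2"}, {"P1", "P2", "P3"}):
        print(sorted(corrupted),
              "liveness:", liveness_holds(GUARDIANS, corrupted, T),
              "privacy:", privacy_holds(GUARDIANS, corrupted, T),
              "stranded:", stranded_shares(GUARDIANS, corrupted, T),
              "exposed:", exposed_shares(GUARDIANS, corrupted, T))
```

With two corrupted parties the sample topology keeps both properties even though four of the five partial secrets are already exposed; a third corruption breaks liveness and privacy at once.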

Paper Structure

This paper contains 54 sections, 8 theorems, 5 equations, 9 figures, 3 tables, 2 algorithms.

Key Result

Theorem 1

Assume the PKE is IND-CPA and the NIZK is zero-knowledge and computationally sound. For the set of valid participants $\mathbb{D}$ determined by verification:

Figures (9)

  • Figure 1: Comparison of trust models in distributed systems: centralized trust (one authority), distributed trust (multiple authorities), and federated trust (peer-to-peer with individually chosen trusted groups).
  • Figure 2: Visual comparison of $(k=10,t=5)$-DKG protocol (above) and $(n=10, k=3, t=2)$-FDKG (below)
  • Figure 3: ER (left) vs. BA (right) guardian-selection examples for $n=100, p=0.3, r=0.9, k=5, t=3$. Gray: absent; green: present in both rounds; blue: Round 1 only; orange: Round 2 only.
  • Figure 4: Success vs. participation $p$ (top) and retention $r$ (bottom) at $n=100$ with $t=k/4$. Line styles encode the other axis; colors encode $k$.
  • Figure 5: Success over $(k,t)$ for $n=100$, $p=0.8$, with $r=0.5$ (top) and $r=0.9$ (bottom). Darker indicates higher success. Higher $r$ expands the feasible region (larger $t$ at fixed $k$).
  • ...and 4 more figures

Theorems & Definitions (12)

  • Theorem 1: Generation: Correctness, Privacy, Robustness
  • proof : Proof sketch
  • Theorem 2: Reconstruction: Correctness
  • proof : Proof sketch
  • Theorem 3: Reconstruction: Privacy
  • proof : Proof sketch
  • Theorem 4: Reconstruction: Liveness
  • proof : Proof sketch
  • Lemma 1: Zero-knowledge step
  • ...and 2 more