Using Threshold Crypto to Protect Single Users with Multiple Devices - Ann Arbor

Duo Tech Talks
Duo Tech Talks
Public group
Location image of event venue


Hi all!

We're excited to host Erinn Atwater, PhD candidate from the University of Waterloo, in Ann Arbor for Duo Tech Talks. Erinn's research is in the field of usable security and end-to-end crypto and she'll be presenting on a topic very near and dear to my heart: threshold cryptography!

Prepare to have your minds blown about some of the previous assumptions you might have about how asymmetric crypto, key distribution, and trust operates in a threshold scheme!


Using Threshold Cryptography to Protect Single Users with Multiple Devices


The average computer user is no longer restricted to one device. They may have several devices and expect their applications to work on all of them. A challenge arises when these applications need the cryptographic private key of the devices' owner. Here the device owner typically has to manage keys manually with a "keychain" app, which leads to private keys being transferred insecurely between devices – or even to other people. Even with intuitive synchronization mechanisms, theft and malware still pose a major risk to keys. Phones and watches are frequently removed or set down, and a single compromised device leads to the loss of the owner's private key, a catastrophic failure that can be quite difficult to recover from.

We introduce Shatter, an open-source framework that runs on desktops, Android, and Android Wear, and performs key distribution on a user's behalf. Shatter uses threshold cryptography to turn the security weakness of having multiple devices into a strength. Apps that delegate cryptographic operations to Shatter have their keys compromised only when a threshold number of devices are compromised by the same attacker. We demonstrate how our framework operates with three popular Android apps (protecting identity keys for Signal and OTR apps, and encryption keys for a note-taking app) in a backwards-compatible manner: only Shatter users need to move to a Shatter-aware version of the app. Shatter has minimal impact on app performance, with signatures and decryption being calculated in 0.5s and security proofs in 14s.


Erinn is currently in the last year of her PhD in Computer Science at the University of Waterloo, where she is a member of the Cryptography, Security and Privacy (CrySP) lab and the Centre for Applied Cryptographic Research.

Her research interests span a variety of topics, mostly revolving around the obstacles that prevent widespread deployment of end-to-end encryption. Her thesis includes work on usable encrypted webmail and protecting keys across multiple devices. In the past, she has also worked on machine learning for behavioural authentication on smartphones, and genetic programming for classification of high-volume online data streams.

You can find Erinn online @errorinn or .

Livestream on Youtube: