Cryptographic Primitives

In Threshold Cryptography each cryptographic primitive can be implemented using different MPC protocols. Each protocol will have its own characteristics in terms of performance and the possible options for choosing t and n.

A TSM instance has a fixed choice of t and n, and depending on the choice of these parameters a different set of primitives may be available.

The column (n,t) choices lists standard TSM configurations for the primitive in question. In many cases other choices are possible.

Notice that in some cases there is also an operational threshold, o, which specifies the number nodes needed to execute an operation (beyond key generation) without re-construction the underlying key. For further details please get in touch.

AES-ECBKey size 128Encrypt, Decrypt(2,1), (3,1)
AES-CBCKey size 128Encrypt, Decrypt(2,1), (3,1)
AES-CMACKey size 128Sign, Verify(2,1), (3,1)
AES-GCMKey size 128Encrypt, Decrypt(2,1), (3,1)
AES-CTRKey size 128Encrypt, Decrypt(2,1), (3,1)
Sepior Stream CipherKey size 128Encrypt, Decrypt(2,1), (3,1)
HMAC-SHA2-256Keysize 2048, 3072, 4096Sign, Verify(2,1), (3,1)
HMAC-SHA2-512Keysize 2048, 3072, 4096Sign, Verify(2,1), (3,1)
RSA PSSKeysize 2048, 3072, 4096Sign, Verify(3,1)
RSA OAEPKeysize 2048, 3072, 4096Encrypt, Decrypt(3,1)
RSA PKCS#1v1.5Keysize 2048, 3072, 4096Encrypt, Decrypt, Sign, Verify(3,1)
RSA x.509 (raw)Key size 2048, 3072, 4096Encrypt, Sign(3,1)
ECDSACurves: Secp256k1, P-256, P-384, P-521Sign, Verify(2,1), (3,1)
EdDSACurves: Ed25519, Ed448Sign, Verify(3,1)
ECDHCurves: Secp256k1, P-256, P-384, P-521Key agreement(3,1)


See information on our Web-based admin tool to better understand how different primitives and underlying protocols can be configured for a TSM.


Sepiors MPC solutions are based on public research (some of which was performed by the Sepior team), this includes protocols from the following research papers:

  • [MRZ15] Payman Mohassel, Mike Rosulek, Ye Zhang: Fast and Secure Three-party Computation: The Garbled Circuit Approach. CCS 2015: 591-602
  • [WRK17] Xiao Wang, Samuel Ranellucci, Jonathan Katz: Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation. CCS 2017: 21-37
  • [DKLs18] Jack Doerner, Yashvanth Kondi, Eysa Lee, Abhi Shelat:
    Secure Two-party Threshold ECDSA from ECDSA Assumptions. IEEE Symposium on Security and Privacy 2018: 980-997
  • [DJNP+18] Ivan Damgård, Thomas Pelle Jakobsen, Jesper Buus Nielsen, Jakob Illeborg Pagter, Michael Bæksvang Østergård: Fast Threshold ECDSA with Honest Majority. SCN 2020: 382-400
  • [DKLs19] Jack Doerner, Yashvanth Kondi, Eysa Lee, Abhi Shelat: Threshold ECDSA from ECDSA Assumptions: The Multiparty Case. IEEE Symposium on Security and Privacy 2019: 1051-1066