Security Encyclopedia

Distributed Key

A distributed key is one that is generated among parties using a cryptographic process where the parties play a part in the public and private key pair’s computation.

A distributed key system differs from other public-key infrastructure (PKI) models in that a distributed key does not depend on a trusted third party. Instead, distributed key generation (DKG) uses a threshold system where a cluster of fraud-tolerant parties agree upon the key generation. In addition, no single party possesses or has access to the private key. DKG works under the assumption that the participants have already established the needed degree of trust. Some DKG protocols assume that communication is synchronous, while others make no such assumption. The issue of synchronization is a reason that DKG systems aren’t generally used over the internet. DKG generally is, however, used in encryption—to decrypt shared encrypted messages or other content, and in the creation of digital signatures, its most common use case.

In addition, DKG is the basis for some enterprise key escrow services where multiple employees need to recover a private key. It is also used in server-side password authentication so that password hashes are not stored on one server should it be breached,


“Distributed keys are often used at enterprises and settings where diffusing the risk of breach on one target (e.g. user, server) makes sense. Or, it might be regulatory requirement at a mission-critical environment such as a three-letter agency of the US government.”