Tandem: Securing Keys by Using a Central Server While Preserving Privacy

Wouter Lueks, Brinda Hampiholi, Greg Alpár, Carmela Troncoso

Research output: Chapter in Book/Report/Conference proceedingConference Article in proceedingAcademicpeer-review


Users' devices, e.g., smartphones or laptops, are typically incapable of securely storing and processing cryptographic keys. We present Tandem, a novel set of protocols for securing cryptographic keys with support from a central server. Tandem uses one-time-use key-share tokens to, unlike traditional threshold-cryptographic solutions, preserve users' privacy with respect to a malicious central server. Additionally, Tandem enables users to block their keys if they lose their shares, and it enables the server to limit how often an adversary can use an unblocked key. We prove Tandem's security and privacy properties, and we empirically show that it causes little overhead using a proof of concept implementation. To illustrate Tandem's advantages we use it to secure attribute-based credentials keys using a central server without hurting the privacy properties provided by the credential system.
Original languageEnglish
Title of host publicationProceedings on Privacy Enhancing Technologies
EditorsKostas Chatzikokolakis, Aaron Johnson
Number of pages29
Publication statusPublished - 17 Aug 2020
EventPrivacy Enhancing Technologies Symposium - Online
Duration: 13 Jul 202016 Jul 2020
Conference number: 2020


SymposiumPrivacy Enhancing Technologies Symposium
Abbreviated titlePETS
Internet address


  • privacy
  • cryptography


Dive into the research topics of 'Tandem: Securing Keys by Using a Central Server While Preserving Privacy'. Together they form a unique fingerprint.

Cite this