Distributed key generation

[1] Distributed key generation is commonly used to decrypt shared ciphertexts or create group digital signatures.

[3] In 1999, Rosario Gennaro, Stanislaw Jarecki, Hugo Krawczyk, and Tal Rabin produced a series of security proofs demonstrating that Feldman verifiable secret sharing was vulnerable to malicious contributions to Pedersen's distributed key generator that would leak information about the shared private key.
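The share check used in Pedersen-style key generation with Feldman commitments, as an added example that is not from the original article: each party deals a verifiable sharing, a dealer whose share fails the public commitment check is disqualified, and the group public key is the product of the qualified dealers' constant-term commitments. The group parameters (p = 2039, q = 1019, g = 4) are toy values, the function names are assumptions, and complaint handling is reduced to immediate disqualification.

```python
import secrets

# Toy group (assumption, far too small for real use): p = 2q + 1, g has order q.
P, Q, G = 2039, 1019, 4

def deal(t, n):
    """One party's Feldman deal: degree-(t-1) polynomial, n shares, t commitments."""
    coeffs = [secrets.randbelow(Q) for _ in range(t)]
    shares = {j: sum(c * pow(j, k, Q) for k, c in enumerate(coeffs)) % Q
              for j in range(1, n + 1)}
    commits = [pow(G, c, P) for c in coeffs]      # published values g^a_k
    return shares, commits

def verify(j, share, commits):
    """Feldman check for party j: g^share == prod(C_k ^ (j^k)) mod p."""
    rhs = 1
    for k, c in enumerate(commits):
        rhs = rhs * pow(c, pow(j, k, Q), P) % P
    return pow(G, share, P) == rhs

def run_dkg(t, n, cheater=None):
    """Every party deals; a dealer with any failing share is disqualified."""
    deals = {i: deal(t, n) for i in range(1, n + 1)}
    if cheater is not None:                       # constructed fault: one bad share
        victim = 1 if cheater != 1 else 2
        deals[cheater][0][victim] = (deals[cheater][0][victim] + 1) % Q
    # In a real run each recipient checks only its own share and complains publicly.
    qualified = [i for i, (sh, cm) in deals.items()
                 if all(verify(j, sh[j], cm) for j in sh)]
    # A party's key share is the sum of the shares it got from qualified dealers.
    key_shares = {j: sum(deals[i][0][j] for i in qualified) % Q
                  for j in range(1, n + 1)}
    public_key = 1
    for i in qualified:
        public_key = public_key * deals[i][1][0] % P
    return qualified, key_shares, public_key

def reconstruct(points):
    """Lagrange interpolation at 0 over Z_q; used here only to check the toy run."""
    secret = 0
    for j, y in points.items():
        lam = 1
        for m in points:
            if m != j:
                lam = lam * m * pow((m - j) % Q, -1, Q) % Q
        secret = (secret + y * lam) % Q
    return secret
```

No party ever holds the full private key during `run_dkg`; `reconstruct` exists only to confirm that any `t` key shares match the published public key.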

[5] In 2009, Aniket Kate and Ian Goldberg presented a distributed key generation protocol suitable for use over the Internet.

[6] Unlike earlier constructions, this protocol does not require a broadcast channel or the synchronous communication assumption, and a ready-to-use library is available.

[5] For example, robust multi-party digital signatures can tolerate a number of malicious users roughly proportionate to the length of the modulus used during key generation.

[7] Distributed key generators can implement a sparse evaluation matrix in order to improve efficiency during verification stages.

This results in a small probability that the key generation will fail in the case that a large number of malicious shares are not chosen for verification.

This way, a company can require multiple employees to recover a private key without giving the escrow service a plaintext copy.

Variations of distributed key generation can authenticate user passwords across multiple servers and eliminate single points of failure.