Secure Distributed Key Generation for Discrete-Log Based Cryptosystems

2007 | Rosario Gennaro, Stanislaw Jarecki, Hugo Krawczyk and Tal Rabin
This paper presents a secure distributed key generation (DKG) protocol for discrete-log based cryptosystems, addressing the insecurity of Pedersen's original DKG protocol. The authors show that Pedersen's protocol does not guarantee a uniform distribution of generated keys, allowing an active attacker to bias the output distribution. They propose a new DKG protocol that ensures a uniform distribution and satisfies the security requirements of DKG protocols. The new protocol is more efficient than Pedersen's in terms of computation and communication, but requires two rounds of communication instead of one. The paper also shows that Pedersen's protocol can be used in certain threshold cryptosystems where relaxed security properties are acceptable, such as threshold Schnorr signature schemes.

The authors analyze the trade-offs between security, computation, and communication in DKG protocols and demonstrate that their new protocol provides stronger security guarantees. The paper also discusses the use of DKG protocols in other applications, such as generating randomizers in threshold signature schemes and proactive secret sharing. The authors provide a formal definition of security for DKG protocols and present a rigorous proof of the security of their new protocol. The paper concludes with a detailed comparison of the efficiency trade-offs between the new DKG protocol and Pedersen's protocol.
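The commit-then-reveal structure the new protocol uses to keep the key uniform, as an added illustration that is not the paper's own code: every party first deals shares under hiding Pedersen commitments, the qualified set QUAL is fixed, and only then are the Feldman commitments g^{a_ik} revealed and checked against the shares already held, so a party in QUAL can no longer withdraw its contribution. The toy group parameters, the party numbering and the `cheater` switch are constructed for this example.

```python
import random

# Constructed toy parameters: p = 2q+1 with p and q prime; G and H are squares, so they
# generate the order-q subgroup; log_G(H) is assumed unknown to every party.
P, Q, G, H = 1019, 509, 4, 9

def poly_eval(coef, x):
    return sum(c * pow(x, k, Q) for k, c in enumerate(coef)) % Q
def commit_eval(comms, j):  # prod_k comms[k]^(j^k): public evaluation of a committed poly at j
    r = 1
    for k, c in enumerate(comms):
        r = r * pow(c, pow(j, k, Q), P) % P
    return r
def interpolate0(points):  # Lagrange interpolation at x = 0 over Z_q from (j, f(j)) pairs
    z = 0
    for j, s in points:
        lam = 1
        for m, _ in points:
            if m != j:
                lam = lam * m * pow((m - j) % Q, -1, Q) % Q
        z = (z + lam * s) % Q
    return z
def dealer(t, n, rng):  # one party's dealing: secret z_i = a[0], blinding polynomial b
    a = [rng.randrange(Q) for _ in range(t + 1)]
    b = [rng.randrange(Q) for _ in range(t + 1)]
    C = [pow(G, ak, P) * pow(H, bk, P) % P for ak, bk in zip(a, b)]  # Pedersen: hides z_i
    A = [pow(G, ak, P) for ak in a]            # Feldman: reveals g^z_i, broadcast only in phase 2
    return {j: (poly_eval(a, j), poly_eval(b, j)) for j in range(1, n + 1)}, C, A

def dkg(t, n, seed=7, cheater=None):
    rng = random.Random(seed)
    deals = {i: dealer(t, n, rng) for i in range(1, n + 1)}
    # Phase 1: check g^s h^s' == prod C_k^(j^k). QUAL is fixed here while every z_i is still
    # hidden, so no party can decide to drop out based on what the key would become.
    qual = [i for i, (sh, C, _) in deals.items()
            if all(pow(G, s, P) * pow(H, sp, P) % P == commit_eval(C, j)
                   for j, (s, sp) in sh.items())]
    y = 1
    for i in qual:
        sh, _, A = deals[i]
        if i == cheater:  # a QUAL member that publishes bogus Feldman commitments in phase 2
            A = [rng.randrange(1, P) for _ in A]
        # Phase 2: revealed A_k must match the shares already held. A QUAL member that fails
        # is not dropped: the others reconstruct z_i from t+1 shares and use g^z_i anyway.
        if all(pow(G, s, P) == commit_eval(A, j) for j, (s, _) in sh.items()):
            y = y * A[0] % P
        else:
            y = y * pow(G, interpolate0([(j, s) for j, (s, _) in sh.items()][:t + 1]), P) % P
    x_shares = {j: sum(deals[i][0][j][0] for i in qual) % Q for j in range(1, n + 1)}
    return y, x_shares, qual
```

Running `dkg(2, 5)` with and without `cheater=3` yields the same public key y, and y equals G raised to the secret interpolated from any t+1 of the final shares.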