Skip to main content
SpringerLink
Log in

Threshold Linearly Homomorphic Encryption on \(\textbf{Z}/2^k\textbf{Z}\)

  • Conference paper
  • First Online:
Advances in Cryptology – ASIACRYPT 2022 (ASIACRYPT 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13792))

Abstract

A threshold public key encryption protocol is a public key system where the private key is distributed among n different servers. It offers high security since no single server is entrusted to perform the decryption in its entirety. It is the core component of many multiparty computation protocols which involves mutually distrusting parties with common goals. It is even more useful when it is homomorphic, which means that public operations on ciphertexts translate to operations on the underlying plaintexts. In particular, Cramer, Damgård and Nielsen at Eurocrypt 2001 provided a new approach to multiparty computation from linearly homomorphic threshold encryption schemes. On the other hand, there has been recent interest in developing multiparty computations modulo \(2^k\) for a certain integer k, that closely match data manipulated by a CPU. Multiparty computation would therefore benefit from an encryption scheme with such a message space that would support a distributed decryption.

In this work, we provide the first threshold linearly homomorphic encryption whose message space is \(\textbf{Z}/2^k\textbf{Z}\) for any k. It is inspired by Castagnos and Laguillaumie’s encryption scheme from RSA 2015, but works with a class group of discriminant whose factorisation is unknown.

Its natural structure à la Elgamal makes it possible to distribute the decryption among servers using linear integer secret sharing, allowing any access structure for the decryption policy. Furthermore its efficiency and its flexibility on the choice of the message space make it a good candidate for applications to multiparty computation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Restricted Multiplication Straight-line Programs. This class captures polynomial-size branching programs, which includes arbitrary logspace computations and NC1 circuits.

References

  1. Bellare, M., Boldyreva, A., O’Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 535–552. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_30

    Chapter  Google Scholar 

  2. Benaloh, J., Leichter, J.: Generalized secret sharing and monotone functions. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 27–35. Springer, New York (1990). https://doi.org/10.1007/0-387-34799-2_3

    Chapter  Google Scholar 

  3. Benhamouda, F., Herranz, J., Joye, M., Libert, B.: Efficient cryptosystems from \(2^k\)-th power residue symbols. J. Cryptol. 30(2), 519–549 (2017)

    Article  MATH  Google Scholar 

  4. Biasse, J.-F., Jacobson, M.J., Silvester, A.K.: Security estimates for quadratic field based cryptosystems. In: Steinfeld, R., Hawkes, P. (eds.) ACISP 2010. LNCS, vol. 6168, pp. 233–247. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14081-5_15

    Chapter  Google Scholar 

  5. Block, A.R., Holmgren, J., Rosen, A., Rothblum, R.D., Soni, P.: Time- and space-efficient arguments from groups of unknown order. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12828, pp. 123–152. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84259-8_5

    Chapter  Google Scholar 

  6. Boyle, E., Couteau, G., Gilboa, N., Ishai, Y., Kohl, L., Scholl, P.: Efficient pseudorandom correlation generators: silent OT extension and more. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 489–518. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_16

    Chapter  Google Scholar 

  7. Boyle, E., Gilboa, N., Ishai, Y.: Function secret sharing. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 337–367. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_12

    Chapter  Google Scholar 

  8. Boyle, E., Gilboa, N., Ishai, Y.: Breaking the circuit size barrier for secure computation under DDH. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 509–539. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_19

    Chapter  Google Scholar 

  9. Boyle, E., Gilboa, N., Ishai, Y.: Group-based secure computation: optimizing rounds, communication, and computation. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 163–193. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_6

    Chapter  Google Scholar 

  10. Buchmann, J., Thiel, C., Williams, H.: Short representation of quadratic integers. In: Bosma, W., van der Poorten, A. (eds.) Computational Algebra and Number Theory. MAIA, vol. 325, pp. 159–185. Springer, Dordrecht (1995). https://doi.org/10.1007/978-94-017-1108-1_12

    Chapter  Google Scholar 

  11. Buchmann, J., Vollmer, U.: Binary Quadratic Forms: An Algorithmic Approach. Algorithms and Computation in Mathematics, Springer, Berlin (2007). https://doi.org/10.1007/978-3-540-46368-9

    Book  MATH  Google Scholar 

  12. Buchmann, J., Williams, H.C.: A key-exchange system based on imaginary quadratic fields. J. Cryptol. 1(2), 107–118 (1988). https://doi.org/10.1007/BF02351719

    Article  MathSciNet  MATH  Google Scholar 

  13. Bünz, B., Fisch, B., Szepieniec, A.: Transparent SNARKs from DARK compilers. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 677–706. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_24

    Chapter  Google Scholar 

  14. Castagnos, G., Catalano, D., Laguillaumie, F., Savasta, F., Tucker, I.: Two-party ECDSA from hash proof systems and efficient instantiations. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 191–221. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_7

    Chapter  Google Scholar 

  15. Castagnos, G., Catalano, D., Laguillaumie, F., Savasta, F., Tucker, I.: Bandwidth-efficient threshold EC-DSA. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. LNCS, vol. 12111, pp. 266–296. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45388-6_10

    Chapter  Google Scholar 

  16. Castagnos, G., Laguillaumie, F.: On the security of cryptosystems with quadratic decryption: the nicest cryptanalysis. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 260–277. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_15

    Chapter  Google Scholar 

  17. Castagnos, G., Laguillaumie, F.: Linearly homomorphic encryption from \(\sf DDH\). In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 487–505. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16715-2_26

    Chapter  Google Scholar 

  18. Castagnos, G., Laguillaumie, F., Tucker, I.: Practical fully secure unrestricted inner product functional encryption modulo p. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 733–764. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_25

    Chapter  Google Scholar 

  19. Catalano, D., Di Raimondo, M., Fiore, D., Giacomelli, I.: Mon\(\mathbb{Z}_{2^{k}}\)a: fast maliciously secure two party computation on \(\mathbb{Z}_{2^{k}}\). In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. LNCS, vol. 12111, pp. 357–386. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45388-6_13

    Chapter  Google Scholar 

  20. Catalano, D., Fiore, D.: Using linearly-homomorphic encryption to evaluate degree-2 functions on encrypted data. In: CCS 2015, pp. 1518–1529. ACM (2015)

    Google Scholar 

  21. Chen, M., et al.: Diogenes: lightweight scalable RSA modulus generation with a dishonest majority. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 590–607 (2021)

    Google Scholar 

  22. Cox, D.: Primes of the Form \(x^2+ny^2\): Fermat, Class Field Theory, and Complex Multiplication. Pure and Applied Mathematics. Wiley, Hoboken (2014)

    Google Scholar 

  23. Cramer, R., Damgård, I., Escudero, D., Scholl, P., Xing, C.: SPD\(\mathbb{Z}_{2^k}\): efficient MPC mod \(2^k\) for dishonest majority. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 769–798. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_26

    Chapter  Google Scholar 

  24. Cramer, R., Damgård, I., Nielsen, J.B.: Multiparty computation from threshold homomorphic encryption. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 280–300. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_18

    Chapter  Google Scholar 

  25. Cramer, R., Fehr, S.: Optimal black-box secret sharing over arbitrary abelian groups. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 272–287. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_18

    Chapter  Google Scholar 

  26. Damgård, I., Jurik, M.: A generalisation, a simplification and some applications of Paillier’s probabilistic public-key system. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 119–136. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44586-2_9

    Chapter  MATH  Google Scholar 

  27. Damgård, I., Thorbek, R.: Linear integer secret sharing and distributed exponentiation. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 75–90. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_6

    Chapter  Google Scholar 

  28. Das, P., Jacobson, M.J., Scheidler, R.: Improved efficiency of a linearly homomorphic cryptosystem. In: Carlet, C., Guilley, S., Nitaj, A., Souidi, E.M. (eds.) C2SI 2019. LNCS, vol. 11445, pp. 349–368. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-16458-4_20

    Chapter  Google Scholar 

  29. Deng, Y., Ma, S., Zhang, X., Wang, H., Song, X., Xie, X.: Promise \(\Sigma \)-protocol: how to construct efficient threshold ECDSA from encryptions based on class groups. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13093, pp. 557–586. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92068-5_19

    Chapter  Google Scholar 

  30. Devevey, J., Libert, B., Nguyen, K., Peters, T., Yung, M.: Non-interactive CCA2-secure threshold cryptosystems: achieving adaptive security in the standard model without pairings. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12710, pp. 659–690. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75245-3_24

    Chapter  Google Scholar 

  31. Dinur, I., Keller, N., Klein, O.: An optimal distributed discrete log protocol with applications to homomorphic secret sharing. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 213–242. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_8

    Chapter  Google Scholar 

  32. Dobson, S., Galbraith, S., Smith, B.: Trustless unknown-order groups. Math. Cryptol. 1(1), 1–15 (2021)

    Google Scholar 

  33. Fazio, N., Gennaro, R., Jafarikhah, T., Skeith, W.E.: Homomorphic secret sharing from Paillier encryption. In: Okamoto, T., Yu, Y., Au, M.H., Li, Y. (eds.) ProvSec 2017. LNCS, vol. 10592, pp. 381–399. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68637-0_23

    Chapter  Google Scholar 

  34. Fouque, P.-A., Poupard, G., Stern, J.: Sharing decryption in the context of voting or lotteries. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 90–104. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45472-1_7

    Chapter  Google Scholar 

  35. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. J. Crypto. 20(1), 51–83 (2007). https://doi.org/10.1007/s00145-006-0347-3

    Article  MathSciNet  MATH  Google Scholar 

  36. Gilboa, N.: Two party RSA key generation. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 116–129. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_8

    Chapter  Google Scholar 

  37. Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)

    Article  MathSciNet  MATH  Google Scholar 

  38. Hoory, S., Magen, A., Pitassi, T.: Monotone circuits for the majority function. In: Díaz, J., Jansen, K., Rolim, J.D.P., Zwick, U. (eds.) APPROX/RANDOM -2006. LNCS, vol. 4110, pp. 410–425. Springer, Heidelberg (2006). https://doi.org/10.1007/11830924_38

    Chapter  Google Scholar 

  39. Hühnlein, D., Jacobson, M.J., Paulus, S., Takagi, T.: A cryptosystem based on non-maximal imaginary quadratic orders with fast decryption. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 294–307. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054134

    Chapter  Google Scholar 

  40. Jacobson, M.J., van der Poorten, A.J.: Computational aspects of NUCOMP. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 120–133. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45455-1_10

    Chapter  Google Scholar 

  41. Joye, M., Libert, B.: Efficient cryptosystems from 2k-th power residue symbols. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 76–92. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_5

    Chapter  Google Scholar 

  42. Katz, J., Yung, M.: Threshold cryptosystems based on factoring. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 192–205. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-36178-2_12

    Chapter  Google Scholar 

  43. Lagarias, J.: Worst-case complexity bounds for algorithms in the theory of integral quadratic forms. J. Algorithms 1(2), 142–186 (1980)

    Article  MathSciNet  MATH  Google Scholar 

  44. Lai, R.W.F., Malavolta, G.: Subvector commitments with application to succinct arguments. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 530–560. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26948-7_19

    Chapter  Google Scholar 

  45. Lipmaa, H.: Secure accumulators from Euclidean rings without trusted setup. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 224–240. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31284-7_14

    Chapter  Google Scholar 

  46. McCurley, K.S.: Cryptographic key distribution and computation in class groups. In: NATO Advanced Study Institutes on Number Theory and Applications. Kluwer (1989)

    Google Scholar 

  47. Orlandi, C., Scholl, P., Yakoubov, S.: The rise of Paillier: homomorphic secret sharing and public-key silent OT. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 678–708. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77870-5_24

    Chapter  Google Scholar 

  48. Orsini, E., Smart, N.P., Vercauteren, F.: Overdrive2k: efficient secure MPC over \(\mathbb{Z}_{2^k}\) from somewhat homomorphic encryption. In: Jarecki, S. (ed.) CT-RSA 2020. LNCS, vol. 12006, pp. 254–283. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-40186-3_12

    Chapter  Google Scholar 

  49. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_16

    Chapter  Google Scholar 

  50. PARI Group, Univ. Bordeaux. PARI/GP version 2.11.4 (2020)

    Google Scholar 

  51. Paulus, S., Takagi, T.: A new public-key cryptosystem over a quadratic order with quadratic decryption time. J. Cryptol. 13(2), 263–272 (2000). https://doi.org/10.1007/s001459910010

    Article  MathSciNet  MATH  Google Scholar 

  52. Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: 40th ACM STOC, pp. 187–196. ACM Press (2008)

    Google Scholar 

  53. Thorbek, R.: Linear integer secret sharing. Ph.D. thesis, Department of Computer Science, University of Aarhus (2009)

    Google Scholar 

  54. Thyagarajan, S.A.K., Castagnos, G., Laguillaumie, F., Malavolta, G.: Efficient CCA timed commitments in class groups. In: ACM CCS 2021, pp. 2663–2684 (2021)

    Google Scholar 

  55. Tucker, I.: Functional encryption and distributed signatures based on projective hash functions, the benefit of class groups. Ph.D. thesis, Université de Lyon (2020)

    Google Scholar 

  56. Valiant, L.: Short monotone formulae for the majority function. J. Algorithms 5(3), 363–366 (1984)

    Article  MathSciNet  MATH  Google Scholar 

  57. Wesolowski, B.: Efficient verifiable delay functions. J. Cryptol. 33(4), 2113–2147 (2020). https://doi.org/10.1007/s00145-020-09364-x

    Article  MathSciNet  MATH  Google Scholar 

  58. Yuen, T.H., Cui, H., Xie, X.: Compact zero-knowledge proofs for threshold ECDSA with trustless setup. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12710, pp. 481–511. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75245-3_18

    Chapter  Google Scholar 

Download references

Acknowledgements

We thank Dario Catalano for helpful early discussions about these results and the anonymous reviewers for their comments in improving the work. This work was partially supported by the French ANR SANGRIA project (ANR-21-CE39-0006) and the French PEPR Cybersecurité SecureCompute project (ANR-22-PECY-0003). This work also recieved funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation program under projects PICOCRYPT (grant agreement No. 101001283), and TERMINET (grant agreement No. 957406), by the Spanish Government under projects SCUM (ref. RTI2018-102043-B-I00), by the Madrid Regional Government under project BLOQUES (ref. S2018/TCS-4339), and by a grant from Nomadic Labs and the Tezos foundation.

Author information

Authors and Affiliations

  1. Université de Bordeaux, CNRS, INRIA, IMB, UMR 5251, 33400, Talence, France

    Guilhem Castagnos

  2. LIRMM, Université de Montpellier, CNRS, Montpellier, France

    Fabien Laguillaumie

  3. IMDEA Software Institute, Madrid, Spain

    Ida Tucker

  4. Zondax AG, Zug, Switzerland

    Ida Tucker

Authors
  1. Guilhem Castagnos
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fabien Laguillaumie
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ida Tucker
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Guilhem Castagnos .

Editor information

Editors and Affiliations

  1. Indian Institute of Technology Madras, Chennai, India

    Shweta Agrawal

  2. Chinese Academy of Sciences, Beijing, China

    Dongdai Lin

Rights and permissions

Reprints and permissions

Copyright information

© 2022 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Castagnos, G., Laguillaumie, F., Tucker, I. (2022). Threshold Linearly Homomorphic Encryption on \(\textbf{Z}/2^k\textbf{Z}\). In: Agrawal, S., Lin, D. (eds) Advances in Cryptology – ASIACRYPT 2022. ASIACRYPT 2022. Lecture Notes in Computer Science, vol 13792. Springer, Cham. https://doi.org/10.1007/978-3-031-22966-4_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-22966-4_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22965-7

  • Online ISBN: 978-3-031-22966-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation