Designs, Codes and Cryptography

, Volume 86, Issue 1, pp 17–54 | Cite as

Timed-release computational secret sharing and threshold encryption

  • Yohei Watanabe
  • Junji Shikata


In modern cryptography, a secret sharing scheme is an important cryptographic primitive. In particular, Krawczyk proposed a computational secret sharing (CSS) scheme, which is a practical, simple secret sharing scheme. In this paper, we focus on a CSS scheme with timed-release functionality, which we call a timed-release computational secret sharing (TR-CSS) scheme. In TR-CSS, participants more than or equal to a threshold number can reconstruct a secret by using their shares only when the time specified by a dealer has come. Our main purpose is to realize a TR-CSS scheme in a generic and efficient way in terms of the share size. Specifically, we first introduce a model and formalization of security of TR-CSS. In addition, we propose two kinds of constructions of TR-CSS: the first one is a simple and generic construction starting from an identity-based key encapsulation mechanism (IB-KEM); the second one, which is a more efficient construction than the first one, is built using a specific IB-KEM as the underlying IB-KEM. As a result, we can regard TR-CSS as a natural extension of Krawczyk’s CSS in terms of both a model and constructions, and we finally succeed to add timed-release functionality to Krawczyk’s CSS with small overhead, which is almost optimal. Moreover, our proposal of TR-CSS is important for constructing threshold encryption and multiple encryption with timed-release functionality in a generic and efficient way. Dodis and Katz showed (i) a simple and generic construction of threshold encryption from multiple encryption; and (ii) a simple, elegant and generic construction of multiple encryption. By using TR-CSS, we can effectively apply the Dodis–Katz paradigm even in the context of timed-release security.


Computational secret sharing Identity-based key encapsulation mechanism Multiple encryption Threshold cryptography Timed-release security 

Mathematics Subject Classification

11T71 94A60 



We would like to thank Goichiro Hanaoka and Keita Emura for helpful suggestions to improve the preliminary version of this paper, and Michel Abdalla for his valuable comment for the conference version of this paper. We would also like to than anonymous reviewers for their constructive feedbacks. The first author is supported by JSPS Research Fellowships for Young Scientists. This work (Yohei Watanabe) was supported by Grant-in-Aid for JSPS Fellows Grant Number 25\(\cdot \)3998, This work (Junji Shikata) was conducted under the auspices of the MEXT Program for Promoting the Reform of National Universities.


  1. 1.
    Abe M., Gennaro R., Kurosawa K., Shoup V.: Tag-KEM/DEM: a new framework for hybrid encryption and a new analysis of Kurosawa-Desmedt KEM. In: Cramer R. (ed.) Advances in Cryptology—EUROCRYPT 2005, vol. 3494, pp. 128–146. Springer, Berlin (2005).CrossRefGoogle Scholar
  2. 2.
    Alkassar A., Geraldy A., Pfitzmann B., Sadeghi A.R.: Optimized self-synchronizing mode of operation. In: Matsui M. (ed.) Fast Software Encryption 2001, vol. 2355, pp. 78–91. Springer, Berlin (2002).CrossRefGoogle Scholar
  3. 3.
    Béguin P., Cresti A.: General short computational secret sharing schemes. In: Guillou L., Quisquater J.J. (eds.) Advances in Cryptology—EUROCRYPT ’95, vol. 921, pp. 194–208. Springer, Berlin (1995).Google Scholar
  4. 4.
    Bellare M., Desai A., Jokipii E., Rogaway P.: A concrete security treatment of symmetric encryption. In: 38th Annual Symposium on Foundations of Computer Science, pp. 394–403 (1997). doi: 10.1109/SFCS.1997.646128.
  5. 5.
    Benaloh J., Leichter J.: Generalized secret sharing and monotone functions. In: Goldwasser S. (ed.) Advances in Cryptology—CRYPTO’ 88, vol. 403, pp. 27–35. Springer, New York (1990).CrossRefGoogle Scholar
  6. 6.
    Bentahar K., Farshim P., Malone-Lee J., Smart N.: Generic constructions of identity-based and certificateless KEMs. J. Cryptol. 21(2), 178–199 (2008).MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Blakley G.: Safeguarding cryptographic keys. In: Proceedings of the 1979 AFIPS National Computer Conference, pp. 313–317. AFIPS Press, Monval (1979).Google Scholar
  8. 8.
    Blakley B., Blakley G., Chan A., Massey J.: Threshold schemes with disenrollment. In: Brickell E. (ed.) Advances in Cryptology—CRYPTO’ 92, vol. 740, pp. 540–548. Springer, Berlin (1993).Google Scholar
  9. 9.
    Blaze M., Bleumer G., Strauss M.: Divertible protocols and atomic proxy cryptography. In: Nyberg K. (ed.) Advances in Cryptology—EUROCRYPT’98, vol. 1403, pp. 127–144. Springer, Berlin (1998).Google Scholar
  10. 10.
    Blundo C., Cresti A., Santis A., Vaccaro U.: Fully dynamic secret sharing schemes. In: Stinson D. (ed.) Advances in Cryptology—CRYPTO’ 93, vol. 773, pp. 110–125. Springer, Berlin (1994).CrossRefGoogle Scholar
  11. 11.
    Boneh D., Franklin M.: Identity-based encryption from the Weil pairing. In: Kilian J. (ed.) Advances in Cryptology—CRYPTO 2001, vol. 2139, pp. 213–229. Springer, Berlin (2001).CrossRefGoogle Scholar
  12. 12.
    Boneh D., Naor M.: Timed commitments. In: Bellare M. (ed.) Advances in Cryptology—CRYPTO 2000, vol. 1880, pp. 236–254. Springer, Berlin (2000).CrossRefGoogle Scholar
  13. 13.
    Boneh D., Di Crescenzo G., Ostrovsky R., Persiano G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J. (eds.) Advances in Cryptology—EUROCRYPT 2004. Lecture Notes in Computer Science, vol. 3027, pp. 506–522. Springer, Berlin (2004).Google Scholar
  14. 14.
    Boneh D., Boyen X., Halevi S.: Chosen ciphertext secure public key threshold encryption without random oracles. In: Pointcheval D. (ed.) Topics in Cryptology—CT-RSA 2006, vol. 3860, pp. 226–243. Springer, Berlin (2006). doi: 10.1007/11605805_15.CrossRefGoogle Scholar
  15. 15.
    Cachin C.: On-line secret sharing. In: Boyd C. (ed.) Cryptography and Coding, vol. 1025, pp. 190–198. Springer, Berlin (1995).CrossRefGoogle Scholar
  16. 16.
    Cathalo J., Libert B., Quisquater J.J.: Efficient and non-interactive timed-release encryption. In: Qing S., Mao W., López J., Wang G. (eds.) Information and Communications Security, vol. 3783, pp. 291–303. Springer, Berlin (2005).CrossRefGoogle Scholar
  17. 17.
    Chalkias K., Hristu-Varsakelis D., Stephanides G.: Improved anonymous timed-release encryption. In: Biskup J., López J. (eds.) Computer Security—ESORICS 2007, vol. 4734, pp. 311–326. Springer, Berlin (2007).CrossRefGoogle Scholar
  18. 18.
    Chan A.F., Blake I.: Scalable, server-passive, user-anonymous timed release cryptography. In: the 25th IEEE International Conference on Distributed Computing Systems, ICDCS 2015, pp. 504–513 (2005).Google Scholar
  19. 19.
    Cheon J.H., Hopper N., Kim Y., Osipkov I.: Provably secure timed-release public key encryption. ACM Trans. Inf. Syst. Secur. 11(2), 4:1–4:44 (2008). doi: 10.1145/1330332.1330336.CrossRefzbMATHGoogle Scholar
  20. 20.
    Cramer R., Gennaro R., Schoenmakers B.: A secure and optimally efficient multi-authority election scheme. In: Fumy W. (ed.) Advances in Cryptology—EUROCRYPT ’97, pp. 103–118. Springer, Berlin (1997).Google Scholar
  21. 21.
    Cramer R., Damgård I., Nielsen J.B.: Multiparty computation from threshold homomorphic encryption. In: Pfitzmann B. (ed.) Advances in Cryptology—EUROCRYPT 2001, pp. 280–300. Springer, Berlin (2001).CrossRefGoogle Scholar
  22. 22.
    Dent A., Tang Q.: Revisiting the security model for timed-release encryption with pre-open capability. In: Garay J., Lenstra A., Mambo M., Peralta R. (eds.) Information Security, vol. 4779, pp. 158–174. Springer, Berlin (2007).CrossRefGoogle Scholar
  23. 23.
    Dodis Y., Katz J.: Chosen-ciphertext security of multiple encryption. In: Kilian J. (ed.) Theory of Cryptography, vol. 3378, pp. 188–209. Springer, Berlin (2005).CrossRefGoogle Scholar
  24. 24.
    Garay J., Jakobsson M.: Timed release of standard digital signatures. In: Blaze M. (ed.) Financial Cryptography, vol. 2357, pp. 168–182. Springer, Berlin (2003).CrossRefGoogle Scholar
  25. 25.
    Garay J., Pomerance C.: Timed fair exchange of standard signatures. In: Wright R. (ed.) Financial Cryptography, vol. 2742, pp. 190–207. Springer, Berlin (2003).CrossRefGoogle Scholar
  26. 26.
    Groth J.: Non-interactive zero-knowledge arguments for voting. In: Ioannidis J., Keromytis A., Yung M. (eds.) Applied Cryptography and Network Security, pp. 467–482. Springer, Berlin (2005).CrossRefGoogle Scholar
  27. 27.
    Herzberg A., Jarecki S., Krawczyk H., Yung M.: Proactive secret sharing or: how to cope with perpetual leakage. In: Coppersmith D. (ed.) Advances in Cryptology—CRYPTO ’95, vol. 963, pp. 339–352. Springer, Berlin (1995).Google Scholar
  28. 28.
    Ito M., Saito A., Nishizeki T.: Secret sharing scheme realizing general access structure. In: IEEE Globecom’87, pp. 99–102 (1987).Google Scholar
  29. 29.
    Karnin E., Greene J., Hellman M.: On secret sharing systems. IEEE Trans. Inf. Theory 29(1), 35–41 (1983).MathSciNetCrossRefzbMATHGoogle Scholar
  30. 30.
    Kiltz E., Galindo D.: Direct chosen-ciphertext secure identity-based key encapsulation without random oracles. In: Batten L., Safavi-Naini R. (eds.) Information Security and Privacy, vol. 4058, pp. 336–347. Springer, Berlin (2006).CrossRefGoogle Scholar
  31. 31.
    Kiltz E., Galindo D.: Direct chosen-ciphertext secure identity-based key encapsulation without random oracles. Theor. Comput. Sci. 410(47–49), 5093–5111 (2009).MathSciNetCrossRefzbMATHGoogle Scholar
  32. 32.
    Krawczyk H.: Secret sharing made short. In: Stinson D. (ed.) Advances in Cryptology—CRYPTO ’93, vol. 773, pp. 136–146. Springer, Berlin (1994).Google Scholar
  33. 33.
    Matsuda T., Nakai Y., Matsuura K.: Efficient generic constructions of timed-release encryption with pre-open capability. In: Joye M., Miyaji A., Otsuka A. (eds.) Pairing-Based Cryptography—Pairing 2010, vol. 6487, pp. 225–245. Springer, Berlin (2010).CrossRefGoogle Scholar
  34. 34.
    May T.: Timed-release crypto. Manuscript (1993).Google Scholar
  35. 35.
    Merkle R.C., Hellman M.E.: On the security of multiple encryption. Commun. ACM 24(7), 465–467 (1981). doi: 10.1145/358699.358718.MathSciNetCrossRefGoogle Scholar
  36. 36.
    Nakai Y., Matsuda T., Kitada W., Matsuura K.: A generic construction of timed-release encryption with pre-open capability. In: Takagi T., Mambo M. (eds.) Advances in Information and Computer Security, vol. 5824, pp. 53–70. Springer, Berlin (2009).CrossRefGoogle Scholar
  37. 37.
    Rabin M.: The information dispersal algorithm and its applications. In: Capocelli R. (ed.) Sequences, pp. 406–419. Springer, New York (1990).CrossRefGoogle Scholar
  38. 38.
    Rabin M.O.: Efficient dispersal of information for security, load balancing, and fault tolerance. J. ACM 36(2), 335–348 (1989).MathSciNetCrossRefzbMATHGoogle Scholar
  39. 39.
    Rivest R.L., Shamir A., Wagner D.A.: Time-lock puzzles and timed-release crypto. Tech. Rep. Technical memo MIT/LCS/TR-684, MIT Laboratory for Computer Science (1996). (Revision 3/10/96).Google Scholar
  40. 40.
    Rogaway P., Bellare M.: Robust computational secret sharing and a unified account of classical secret-sharing goals. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS ’07, pp. 172–184. ACM, New York (2007). doi: 10.1145/1315245.1315268.
  41. 41.
    Shamir A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979). doi: 10.1145/359168.359176.MathSciNetCrossRefzbMATHGoogle Scholar
  42. 42.
    Shoup V.: A proposal for an ISO standard for public key encryption. Cryptology ePrint Archive, Report 2001/112 (2001).
  43. 43.
    Shoup V., Gennaro R.: Securing threshold cryptosystems against chosen ciphertext attack. In: Nyberg K. (ed.) Advances in Cryptology—EUROCRYPT ’98, vol. 1403, pp. 1–16. Springer, Berlin (1998).Google Scholar
  44. 44.
    Sung J., Lee S., Lim J., Lee W., Yi O.: Concrete security analysis of CTR-OFB and CTR-CFB modes of operation. In: Kim K. (ed.) Information Security and Cryptology—ICISC 2001, vol. 2288, pp. 103–113. Springer, Berlin (2002).CrossRefGoogle Scholar
  45. 45.
    Watanabe Y., Shikata J.: Timed-release computational secret sharing scheme and its applications. In: Chow S., Liu J., Hui L., Yiu S. (eds.) Provable Security, vol. 8782, pp. 326–333. Springer International Publishing, New York (2014).Google Scholar
  46. 46.
    Watanabe Y., Shikata J.: Timed-release secret sharing schemes with information theoretic security. In: Ors B., Preneel B. (eds.) Cryptography and Information Security in the Balkans, vol. 9024, pp. 219–236. Springer International Publishing, New York (2015).CrossRefGoogle Scholar
  47. 47.
    Waters B.: Efficient identity-based encryption without random oracles. In: Cramer R. (ed.) Advances in Cryptology—EUROCRYPT 2005, vol. 3494, pp. 114–127. Springer, Berlin (2005).CrossRefGoogle Scholar
  48. 48.
    Wee H.: Déjà Q: Encore! un petit IBE. In: Kushilevitz E., Malkin T. (eds.) Theory of Cryptography, TCC 2016-A, Part II, pp. 237–258. Springer, Berlin (2016).Google Scholar
  49. 49.
    Zhang R., Hanaoka G., Shikata J., Imai H.: On the security of multiple encryption or CCA-security+CCA-security=CCA-security? In: Bao F., Deng R., Zhou J. (eds.) Public Key Cryptography—PKC 2004, vol. 2947, pp. 360–374. Springer, Berlin (2004).CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2017

Authors and Affiliations

  1. 1.Graduate School of Environment and Information SciencesYokohama National UniversityYokohamaJapan
  2. 2.Graduate School of Informatics and EngineeringThe University of Electro-CommunicationsChofuJapan
  3. 3.Information Technology Research Institute (ITRI)National Institute of Advanced Industrial Science and Technology (AIST)TokyoJapan
  4. 4.Institute of Advanced SciencesYokohama National UniversityYokohamaJapan

Personalised recommendations