Threshold and Proactive Pseudo-Random Permutations

  • Yevgeniy Dodis
  • Aleksandr Yampolskiy
  • Moti Yung
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3876)


We construct a reasonably efficient threshold and proactive pseudo-random permutation (PRP). Our protocol needs only O(1) communication rounds. It tolerates up to (n – 1)/2 of n dishonest servers in the semi-honest environment. Many protocols that use PRPs (e.g., a CBC block cipher mode) can now be translated into the distributed setting. Our main technique for constructing invertible threshold PRPs is a distributed Luby-Rackoff construction where both the secret keys and the input are shared among the servers. We also present protocols for obliviously computing pseudo-random functions by Naor-Reingold [41] and Dodis-Yampolskiy [25] with shared input and keys.
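The construction the abstract names, a Luby-Rackoff permutation built from pseudo-random functions, is shown below in a single-party form as an added worked example; this is not code from the paper, which instead evaluates the same rounds on secret-shared keys and inputs. It assumes HMAC-SHA256 as the round PRF (standing in for the Naor-Reingold and Dodis-Yampolskiy functions the paper distributes), 16-byte blocks, and a CBC mode with no padding, all chosen for the example; the keys, IV and message are constructed values.

```python
import hmac
import hashlib

# Added example (not from the paper): a 4-round Luby-Rackoff (Feistel) PRP built
# from a PRF and run by a single party. Toy parameters: 16-byte blocks, 8-byte halves.
HALF = 8


def prf(key: bytes, x: bytes) -> bytes:
    """Round function F_k with HALF-byte output. HMAC-SHA256 is an assumption here,
    standing in for the number-theoretic PRFs the paper evaluates on shared data."""
    return hmac.new(key, x, hashlib.sha256).digest()[:HALF]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def lr_encrypt(keys: list, block: bytes) -> bytes:
    """One Feistel round maps (L, R) -> (R, L xor F_k(R)). Four rounds with
    independent keys give a strong PRP (Luby-Rackoff [35])."""
    assert len(keys) == 4 and len(block) == 2 * HALF
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        left, right = right, xor(left, prf(k, right))
    return left + right


def lr_decrypt(keys: list, block: bytes) -> bytes:
    """Invert by running the rounds backwards: (L', R') -> (R' xor F_k(L'), L').
    Only forward PRF evaluations are needed, never PRF inverses, which is why a
    PRF-based PRP (and its shared-key version) can be inverted at all."""
    assert len(keys) == 4 and len(block) == 2 * HALF
    left, right = block[:HALF], block[HALF:]
    for k in reversed(keys):
        left, right = xor(right, prf(k, left)), left
    return left + right


def cbc_encrypt(keys: list, iv: bytes, plaintext: bytes) -> bytes:
    """CBC mode over the PRP, the application the abstract names. The plaintext
    length must be a multiple of the block size (no padding in this toy)."""
    assert len(iv) == 2 * HALF and len(plaintext) % (2 * HALF) == 0
    out, prev = [], iv
    for i in range(0, len(plaintext), 2 * HALF):
        prev = lr_encrypt(keys, xor(plaintext[i:i + 2 * HALF], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(keys: list, iv: bytes, ciphertext: bytes) -> bytes:
    assert len(iv) == 2 * HALF and len(ciphertext) % (2 * HALF) == 0
    out, prev = [], iv
    for i in range(0, len(ciphertext), 2 * HALF):
        c = ciphertext[i:i + 2 * HALF]
        out.append(xor(lr_decrypt(keys, c), prev))
        prev = c
    return b"".join(out)


# Constructed sample keys, IV and a 32-byte message (fixed so the run is reproducible).
SAMPLE_KEYS = [bytes([i]) * 16 for i in range(1, 5)]
SAMPLE_IV = bytes(range(16))
SAMPLE_MSG = b"threshold PRP demo, 32 bytes...!"


def demo() -> bool:
    """Encrypt two blocks in CBC mode and check that decryption recovers them."""
    ct = cbc_encrypt(SAMPLE_KEYS, SAMPLE_IV, SAMPLE_MSG)
    return cbc_decrypt(SAMPLE_KEYS, SAMPLE_IV, ct) == SAMPLE_MSG


if __name__ == "__main__":
    print("CBC round trip over the Luby-Rackoff PRP:", demo())
```

The point to take from the inverse routine is that decryption never inverts the round function; it only re-evaluates the PRF on the halves it already holds. That is what lets the paper replace each local PRF call by a protocol on shared keys and shared input while keeping the permutation invertible, and why a mode such as CBC carries over unchanged once the block operation is distributed.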


Keywords: Distributed Block Ciphers, Distributed Luby-Rackoff Construction, Oblivious Pseudo-Random Functions, Threshold Cryptography


References

1. Algesheimer, J., Camenisch, J., Shoup, V.: Efficient computation modulo a shared secret with applications to the generation of shared safe prime products. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 417–432. Springer, Heidelberg (2002)
2. Bach, E.: Analytic Methods in the Analysis and Design of Number-Theoretic Algorithms. A.C.M. Distinguished Dissertations. MIT Press, Cambridge, MA (1985)
3. Bar-Ilan, J., Beaver, D.: Non-cryptographic fault-tolerant computing in a constant number of rounds. In: Proceedings of the ACM Symposium on Principles of Distributed Computation, pp. 201–209 (1989)
4. Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols. In: Proceedings of the 22nd Annual ACM Symposium on the Theory of Computing, pp. 503–513 (1990)
5. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computing. In: Proceedings of the 20th Annual ACM Symposium on the Theory of Computing, pp. 1–10 (1988)
6. Biham, E.: A fast new DES implementation in software. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 260–272. Springer, Heidelberg (1997)
7. Blaze, M., Feigenbaum, J., Naor, M.: A formal treatment of remotely keyed encryption. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 251–265. Springer, Heidelberg (1998)
8. Boneh, D., Franklin, M.K.: Efficient generation of shared RSA keys. Journal of the Association for Computing Machinery 48(4), 702–722 (2001)
9. Brickell, E.F., Crescenzo, G.D., Frankel, Y.: Sharing block ciphers. In: Clark, A., Boyd, C., Dawson, E.P. (eds.) ACISP 2000. LNCS, vol. 1841, pp. 457–470. Springer, Heidelberg (2000)
10. Cachin, C., Kursawe, K., Petzold, F., Shoup, V.: Secure and efficient asynchronous broadcast protocols. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 524–541. Springer, Heidelberg (2001)
11. Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science, pp. 136–145 (2001)
12. Catalano, D., Gennaro, R., Halevi, S.: Computing inverses over a shared secret modulus. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 190–206. Springer, Heidelberg (2000)
13. Coppersmith, D., Odlyzko, A.M., Schroeppel, R.: Discrete logarithms in GF(p). Algorithmica 1(1), 1–15 (1986)
14. Damgård, I.: Collision free hash functions and public key signature schemes. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 203–216. Springer, Heidelberg (1988)
15. Damgård, I., Fitzi, M., Kiltz, E., Nielsen, J.B., Toft, T.: Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation. In: Third Theory of Cryptography Conference (to appear, 2006)
16. Damgård, I., Ishai, Y.: Constant-round multiparty computation using a black-box pseudorandom generator. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 378–394. Springer, Heidelberg (2005)
17. Damgård, I., Jurik, M.: A generalisation, a simplification and some applications of Paillier's probabilistic public-key system. In: Fourth International Workshop on Practice and Theory in Public Key Cryptography, pp. 119–136 (2001)
18. Desai, A.: New paradigms for constructing symmetric encryption schemes secure against chosen-ciphertext attack. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 394–412. Springer, Heidelberg (2000)
19. Desmedt, Y.: Society and group-oriented cryptography: A new concept. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 120–127. Springer, Heidelberg (1988)
20. Desmedt, Y.: Some recent research aspects of threshold cryptography. In: First International Workshop on Information Security, pp. 158–173 (1997)
21. Desmedt, Y., Frankel, Y.: Threshold cryptosystems. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 307–315. Springer, Heidelberg (1990)
22. Desmedt, Y., Frankel, Y.: Shared generation of authenticators and signatures. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 457–469. Springer, Heidelberg (1992)
23. Dodis, Y.: Efficient construction of (distributed) verifiable random functions. In: Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography, pp. 1–17 (2003)
24. Dodis, Y., An, J.H.: Concealment and its applications to authenticated encryption. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 312–329. Springer, Heidelberg (2003)
25. Dodis, Y., Yampolskiy, A.: A verifiable random function with short proofs and keys. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 416–431. Springer, Heidelberg (2005)
26. Dodis, Y., Yung, M., Yampolskiy, A.: Threshold and proactive pseudo-random permutations. Technical Report YALEU/DCS/TR-1325, Yale University (November 2005), Available at,
27. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 295–310. Springer, Heidelberg (1999)
28. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust threshold DSS signatures. Information and Computation 164(1), 54–84 (2001)
29. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. Journal of the Association for Computing Machinery 33, 792–807 (1986)
30. Goldwasser, S., Micali, S.: Probabilistic encryption and how to play mental poker keeping secret all partial information. In: Proceedings of the 14th Annual ACM Symposium on the Theory of Computing, pp. 270–299 (1982)
31. Halevi, S.: EME*: Extending EME to handle arbitrary-length messages with associated data. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 315–327. Springer, Heidelberg (2004)
32. Halevi, S., Rogaway, P.: A tweakable enciphering mode. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 482–499. Springer, Heidelberg (2003)
33. Herzberg, A., Jarecki, S., Krawczyk, H., Yung, M.: Proactive secret sharing or: How to cope with perpetual leakage. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 339–352. Springer, Heidelberg (1995)
34. Joux, A., Martinet, G., Valette, F.: Blockwise-adaptive attackers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 17–30. Springer, Heidelberg (2002)
35. Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM Journal on Computing 17, 373–386 (1988)
36. Lysyanskaya, A.: Unique signatures and verifiable random functions from DH-DDH separation. In: Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology, pp. 597–612 (2002)
37. Martin, K.M., Safavi-Naini, R., Wang, H., Wild, P.R.: Distributing the encryption and decryption of a block cipher. Designs, Codes, and Cryptography (to appear, 2005)
38. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press LLC, Boca Raton, FL (1997)
39. Micali, S., Rabin, M.O., Vadhan, S.P.: Verifiable random functions. In: Proceedings of the 40th IEEE Symposium on Foundations of Computer Science, pp. 120–130 (1999)
40. Naor, M., Pinkas, B., Reingold, O.: Distributed pseudo-random functions and KDCs. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 327–346. Springer, Heidelberg (1999)
41. Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudorandom functions. In: Proceedings of the 38th IEEE Symposium on Foundations of Computer Science, pp. 458–467 (1997)
42. Nielsen, J.B.: A threshold pseudorandom function construction and its applications. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 401–416. Springer, Heidelberg (2002)
43. Patel, S., Ramzan, Z., Sundaram, G.S.: Efficient constructions of variable-input-length block ciphers. In: Selected Areas in Cryptography 2004, pp. 326–340 (2004)
44. Pedersen, T.P.: A threshold cryptosystem without a trusted party. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522–526. Springer, Heidelberg (1991)
45. Rabin, T.: A simplified approach to threshold and proactive RSA. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 89–104. Springer, Heidelberg (1998)
46. Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority. In: Proceedings of the 21st Annual ACM Symposium on the Theory of Computing, pp. 73–85 (1989)
47. Shamir, A.: How to share a secret. Communications of the ACM 22(11), 612–613 (1979)
48. Yao, A.: Protocols for secure computation (extended abstract). In: Proceedings of the 23rd IEEE Symposium on Foundations of Computer Science, pp. 160–164 (1982)

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Yevgeniy Dodis (1)
  • Aleksandr Yampolskiy (2)
  • Moti Yung (3)

  1. Department of Computer Science, New York University, New York, USA
  2. Department of Computer Science, Yale University, New Haven, USA
  3. Department of Computer Science, RSA Laboratories and Columbia University, New York, USA
