Advertisement

Threshold Cryptosystems from Threshold Fully Homomorphic Encryption

  • Dan Boneh
  • Rosario Gennaro
  • Steven Goldfeder
  • Aayush Jain
  • Sam Kim
  • Peter M. R. Rasmussen
  • Amit Sahai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10991)

Abstract

We develop a general approach to adding a threshold functionality to a large class of (non-threshold) cryptographic schemes. A threshold functionality enables a secret key to be split into a number of shares, so that only a threshold of parties can use the key, without reconstructing the key. We begin by constructing a threshold fully-homomorphic encryption scheme (ThFHE) from the learning with errors (LWE) problem. We next introduce a new concept, called a universal thresholdizer, from which many threshold systems are possible. We show how to construct a universal thresholdizer from our ThFHE. A universal thresholdizer can be used to add threshold functionality to many systems, such as CCA-secure public-key encryption (PKE), signature schemes, pseudorandom functions, and others primitives. In particular, by applying this paradigm to a (non-threshold) lattice signature system, we obtain the first single-round threshold signature scheme from LWE.

Notes

Acknowledgements

We thank the anonymous Crypto reviewers for their helpful comments. D. Boneh and S. Kim are supported by NSF, DARPA, the Simons foundation, and a grant from ONR. R. Gennaro is supported by NSF grant 1545759. S. Goldfeder is supported by NSF Graduate Research Fellowship under grant number DGE 1148900. A. Jain, P. Rasmussen, and A. Sahai are supported by a DARPA/ARL SAFEWARE award, NSF Frontier Award 1413955, NSF grants 1619348, 1228984, 1136174, and 1065276, a Xerox Faculty Research Award, a Google Faculty Re- search Award, an equipment grant from Intel, and an Okawa Foundation Research Grant. This material is based upon work supported by the Defense Advanced Research Projects Agency through the ARL under Contract W911NF-15-C-0205. The views expressed are those of the author and do not reflect the official policy or position of the Department of Defense, the National Science Foundation, or the U.S. Government.

References

  1. 1.
    Agrawal, S., Boneh, D., Boyen, X.: Efficient lattice (H)IBE in the standard model. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 553–572. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13190-5_28CrossRefzbMATHGoogle Scholar
  2. 2.
    Agrawal, S., Boyen, X., Vaikuntanathan, V., Voulgaris, P., Wee, H.: Functional encryption for threshold functions (or fuzzy IBE) from lattices. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 280–297. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-30057-8_17CrossRefGoogle Scholar
  3. 3.
    Asharov, G., Jain, A., López-Alt, A., Tromer, E., Vaikuntanathan, V., Wichs, D.: Multiparty computation with low communication, computation and interaction via threshold FHE. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 483–501. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-29011-4_29CrossRefGoogle Scholar
  4. 4.
    Banerjee, A., Peikert, C.: New and improved key-homomorphic pseudorandom functions. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 353–370. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-44371-2_20CrossRefGoogle Scholar
  5. 5.
    Baum, C., Damgård, I., Oechsner, S., Peikert, C.: Efficient commitments and zero-knowledge protocols from Ring-SIS with applications to lattice-based threshold cryptosystems. IACR Cryptology ePrint Archive, 2016:997 (2016)Google Scholar
  6. 6.
    Beimel, A.: Ph.D. thesis. Israel Institute of Technology, Technion, Haifa, Israel (1996)Google Scholar
  7. 7.
    Bendlin, R., Damgård, I.: Threshold decryption and zero-knowledge proofs for lattice-based cryptosystems. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 201–218. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-11799-2_13CrossRefGoogle Scholar
  8. 8.
    Bendlin, R., Krehbiel, S., Peikert, C.: How to share a lattice trapdoor: threshold protocols for signatures and (H)IBE. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 218–236. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38980-1_14CrossRefzbMATHGoogle Scholar
  9. 9.
    Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the Gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-36288-6_3CrossRefGoogle Scholar
  10. 10.
    Boneh, D., Boyen, X., Halevi, S.: Chosen ciphertext secure public key threshold encryption without random oracles. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 226–243. Springer, Heidelberg (2006).  https://doi.org/10.1007/11605805_15CrossRefGoogle Scholar
  11. 11.
    Boneh, D., Freeman, D.M.: Homomorphic signatures for polynomial functions. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 149–168. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-20465-4_10CrossRefGoogle Scholar
  12. 12.
    Boneh, D., et al.: Threshold cryptosystems from threshold fully homomorphic encryption. Cryptology ePrint Archive, Report 2017/956 (2017). https://eprint.iacr.org/2017/956
  13. 13.
    Boneh, D., Lewi, K., Montgomery, H., Raghunathan, A.: Key homomorphic PRFs and their applications. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 410–428. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40041-4_23CrossRefGoogle Scholar
  14. 14.
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. J. Cryptol. 17(4), 297–319 (2004)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Boyen, X.: Lattice mixing and vanishing trapdoors: a framework for fully secure short signatures and more. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 499–517. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13013-7_29CrossRefGoogle Scholar
  16. 16.
    Boyle, E., Gilboa, N., Ishai, Y.: Function secret sharing. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 337–367. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46803-6_12CrossRefGoogle Scholar
  17. 17.
    Boyle, E., Gilboa, N., Ishai, Y.: Breaking the circuit size barrier for secure computation under DDH. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 509–539. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53018-4_19CrossRefGoogle Scholar
  18. 18.
    Brakerski, Z., Chandran, N., Goyal, V., Jain, A., Sahai, A., Segev, G.: Hierarchical functional encryption. In: ITCS (2016)Google Scholar
  19. 19.
    Brakerski, Z., Perlman, R.: Lattice-based fully dynamic multi-key FHE with short ciphertexts. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 190–213. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53018-4_8CrossRefGoogle Scholar
  20. 20.
    Brakerski, Z., Vaikuntanathan, V.: Constrained key-homomorphic PRFs from standard lattice assumptions - or: how to secretly embed a circuit in your PRF. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 1–30. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46497-7_1CrossRefGoogle Scholar
  21. 21.
    Canetti, R., Goldwasser, S.: An efficient threshold public key cryptosystem secure against adaptive chosen ciphertext attack (extended abstract). In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 90–106. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48910-X_7CrossRefGoogle Scholar
  22. 22.
    Cayrel, P.-L., Lindner, R., Rückert, M., Silva, R.: A lattice-based threshold ring signature scheme. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 255–272. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-14712-8_16CrossRefGoogle Scholar
  23. 23.
    Choudhury, A., Loftus, J., Orsini, E., Patra, A., Smart, N.P.: Between a rock and a hard place: interpolating between MPC and FHE. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 221–240. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-42045-0_12CrossRefGoogle Scholar
  24. 24.
    De Santis, A., Micali, S., Persiano, G.: Non-interactive zero-knowledge with preprocessing. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 269–282. Springer, New York (1990).  https://doi.org/10.1007/0-387-34799-2_21CrossRefGoogle Scholar
  25. 25.
    DeSantis, A., Desmedt, Y., Frankel, Y., Yung, M.: How to share a function securely. In: STOC (1994)Google Scholar
  26. 26.
    Desmedt, Y., Frankel, Y.: Threshold cryptosystems. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 307–315. Springer, New York (1990).  https://doi.org/10.1007/0-387-34805-0_28CrossRefGoogle Scholar
  27. 27.
    Dodis, Y., Katz, J.: Chosen-ciphertext security of multiple encryption. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 188–209. Springer, Heidelberg (2005).  https://doi.org/10.1007/978-3-540-30576-7_11CrossRefzbMATHGoogle Scholar
  28. 28.
    Frankel, Y.: A practical protocol for large group oriented networks. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 56–61. Springer, Heidelberg (1990).  https://doi.org/10.1007/3-540-46885-4_8CrossRefGoogle Scholar
  29. 29.
    Gennaro, R., Goldfeder, S., Narayanan, A.: Threshold-optimal DSA/ECDSA signatures and an application to bitcoin wallet security. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 156–174. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-39555-5_9CrossRefzbMATHGoogle Scholar
  30. 30.
    Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust threshold DSS signatures. Inf. Comput. 164(1), 54–84 (2001)MathSciNetCrossRefGoogle Scholar
  31. 31.
    Gennaro, R., Rabin, T., Jarecki, S., Krawczyk, H.: Robust and efficient sharing of RSA functions. J. Cryptol. 20(3), 393 (2007)CrossRefGoogle Scholar
  32. 32.
    Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC (2008)Google Scholar
  33. 33.
    Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 75–92. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40041-4_5CrossRefGoogle Scholar
  34. 34.
    Goldreich, O.: Valiant’s polynomial-size monotone formula for majority (2014)Google Scholar
  35. 35.
    Gorbunov, S., Vaikuntanathan, V., Wichs, D.: Leveled fully homomorphic signatures from standard lattices. In: STOC (2015)Google Scholar
  36. 36.
    Dov Gordon, S., Liu, F.-H., Shi, E.: Constant-round MPC with fairness and guarantee of output delivery. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 63–82. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48000-7_4CrossRefGoogle Scholar
  37. 37.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security (2006)Google Scholar
  38. 38.
    Kim, S., Wu, D.J.: Multi-theorem preprocessing NIZK from Lattices. In: Shacham, S., Boldyreva, A. (eds.) CRYPTO 2018, Part II. LNCS, vol. 10992, pp. 733–765. Springer, Cham (2018)Google Scholar
  39. 39.
    Lapidot, D., Shamir, A.: Publicly verifiable non-interactive zero-knowledge proofs. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 353–365. Springer, Heidelberg (1991).  https://doi.org/10.1007/3-540-38424-3_26CrossRefGoogle Scholar
  40. 40.
    Lewko, A., Waters, B.: Decentralizing attribute-based encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 568–588. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-20465-4_31CrossRefGoogle Scholar
  41. 41.
    Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738–755. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-29011-4_43CrossRefGoogle Scholar
  42. 42.
    Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 700–718. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-29011-4_41CrossRefGoogle Scholar
  43. 43.
    Mukherjee, P., Wichs, D.: Two round multiparty computation via multi-key FHE. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 735–763. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49896-5_26CrossRefGoogle Scholar
  44. 44.
    Myers, S., Sergi, M., Shelat, A.: Threshold fully homomorphic encryption and secure computation. IACR Cryptology ePrint Archive, 2011:454 (2011)Google Scholar
  45. 45.
    Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem. In: STOC (2009)Google Scholar
  46. 46.
    Peikert, C., Shiehian, S.: Multi-key FHE from LWE, revisited. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 217–238. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53644-5_9CrossRefGoogle Scholar
  47. 47.
    Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. SIAM J. Comput. 40(6), 1803–1844 (2011)MathSciNetCrossRefGoogle Scholar
  48. 48.
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM (JACM) 56(6), 34 (2009)MathSciNetCrossRefGoogle Scholar
  49. 49.
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)MathSciNetCrossRefGoogle Scholar
  50. 50.
    Shoup, V.: Practical threshold signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 207–220. Springer, Heidelberg (2000).  https://doi.org/10.1007/3-540-45539-6_15CrossRefGoogle Scholar
  51. 51.
    Shoup, V., Gennaro, R.: Securing threshold cryptosystems against chosen ciphertext attack. J. Cryptol. 15(2), 75–96 (2002)MathSciNetCrossRefGoogle Scholar
  52. 52.
    Stinson, D.R., Strobl, R.: Provably secure distributed schnorr signatures and a \(({t, n})\) threshold scheme for implicit certificates. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 417–434. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-47719-5_33CrossRefzbMATHGoogle Scholar
  53. 53.
    Valiant, L.G.: Short monotone formulae for the majority function. J. Algorithms 5, 363–366 (1984)MathSciNetCrossRefGoogle Scholar
  54. 54.
    Xie, X., Xue, R., Zhang, R.: Efficient threshold encryption from lossy trapdoor functions. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 163–178. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-25405-5_11CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  • Dan Boneh
    • 1
  • Rosario Gennaro
    • 2
  • Steven Goldfeder
    • 3
  • Aayush Jain
    • 4
  • Sam Kim
    • 1
  • Peter M. R. Rasmussen
    • 4
  • Amit Sahai
    • 4
  1. 1.Stanford UniversityStanfordUSA
  2. 2.City College of New YorkNew YorkUSA
  3. 3.Princeton UniversityPrincetonUSA
  4. 4.Center for Encrypted FunctionalitiesUCLALos AngelesUSA

Personalised recommendations