How to Share a Lattice Trapdoor: Threshold Protocols for Signatures and (H)IBE

  • Rikke Bendlin
  • Sara Krehbiel
  • Chris Peikert
Conference paper

DOI: 10.1007/978-3-642-38980-1_14

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7954)
Cite this paper as:
Bendlin R., Krehbiel S., Peikert C. (2013) How to Share a Lattice Trapdoor: Threshold Protocols for Signatures and (H)IBE. In: Jacobson M., Locasto M., Mohassel P., Safavi-Naini R. (eds) Applied Cryptography and Network Security. ACNS 2013. Lecture Notes in Computer Science, vol 7954. Springer, Berlin, Heidelberg

Abstract

We develop secure threshold protocols for two important operations in lattice cryptography, namely, generating a hard lattice Λ together with a “strong” trapdoor, and sampling from a discrete Gaussian distribution over a desired coset of Λ using the trapdoor. These are the central operations of many cryptographic schemes: for example, they are exactly the key-generation and signing operations (respectively) for the GPV signature scheme, and they are the public parameter generation and private key extraction operations (respectively) for the GPV IBE. We also provide a protocol for trapdoor delegation, which is used in lattice-based hierarchical IBE schemes. Our work therefore directly transfers all these systems to the threshold setting.

Our protocols provide information-theoretic (i.e., statistical) security against adaptive corruptions in the UC framework, and they are robust against up to ℓ/2 semi-honest or ℓ/3 malicious parties (out of ℓ total). Our Gaussian sampling protocol is both noninteractive and efficient, assuming either a trusted setup phase (e.g., performed as part of key generation) or a sufficient amount of interactive but offline precomputation, which can be performed before the inputs to the sampling phase are known.

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Rikke Bendlin (1)
  • Sara Krehbiel (2)
  • Chris Peikert (2)

  1. Department of Computer Science, Aarhus University, Denmark
  2. School of Computer Science, Georgia Institute of Technology, USA
