Skip to Main content Skip to Navigation
Journal articles

Adaptively Secure Non-interactive CCA-Secure Threshold Cryptosystems: Generic Framework and Constructions

Abstract : In threshold cryptography, private keys are divided into n shares, each one of which is given to a different server in order to avoid single points of failure. In the case of threshold public-key encryption, at least t out of n servers need to contribute to the decryption process. A threshold primitive is said robust if no coalition of t malicious servers can prevent remaining honest servers from successfully completing private key operations. Non-interactive schemes, considered the most practical ones, allow servers to contribute to decryption without interactions. So far, most non-interactive threshold cryptosystems were only proved secure against static corruptions. In the adaptive corruption scenario (where the adversary can corrupt servers at any time, based on its complete view), all existing robust threshold encryption schemes that also resist chosen-ciphertext attacks (CCA) till recently require interaction in the decryption phase. A very specific method (in composite order groups) for getting rid of interaction was recently suggested, leaving the question of more generic frameworks and constructions with better security and, in particular, better exibility (i.e., compatibility with distributed key generation). This paper advances the state of the art and describes a general construction of adaptively secure robust non-interactive threshold cryptosystems with chosen-ciphertext security. We define the novel notion of all-but-one perfectly sound threshold hash proof systems that can be seen as (threshold) hash proof systems with publicly verifiable and simulation-sound proofs. We show that this notion generically implies threshold cryptosystems combining the aforementioned properties. Then, we provide efficient instantiations under well-studied assumptions in bilinear groups (e.g., in such groups of prime order). These instantiations have a tighter security proof in the single-challenge setting and are indeed compatible with distributed key generation protocols.
Document type :
Journal articles
Complete list of metadata
Contributor : Benoit Libert Connect in order to contact the contributor
Submitted on : Wednesday, January 20, 2021 - 2:50:17 PM
Last modification on : Thursday, January 20, 2022 - 4:14:05 PM
Long-term archiving on: : Wednesday, April 21, 2021 - 6:44:56 PM


Files produced by the author(s)




Benoît Libert, Moti Yung. Adaptively Secure Non-interactive CCA-Secure Threshold Cryptosystems: Generic Framework and Constructions. Journal of Cryptology, Springer Verlag, 2020, 33, pp.1405-1441. ⟨10.1007/s00145-020-09350-3⟩. ⟨hal-03116642⟩



Les métriques sont temporairement indisponibles