Cryptology ePrint Archive: Report 2017/956

Threshold Cryptosystems From Threshold Fully Homomorphic Encryption

Dan Boneh and Rosario Gennaro and Steven Goldfeder and Aayush Jain and Sam Kim and Peter M. R. Rasmussen and Amit Sahai

Abstract: We develop a general approach to adding a threshold functionality to a large class of (non- threshold) cryptographic schemes. A threshold functionality enables a secret key to be split into a number of shares, so that only a threshold of parties can use the key, without reconstructing the key. We begin by constructing a threshold fully-homomorphic encryption scheme (TFHE) from the learning with errors (LWE) problem. We next introduce a new concept, called a universal thresholdizer, from which many threshold systems are possible. We show how to construct a universal thresholdizer from our TFHE. A universal thresholdizer can be used to add threshold functionality to many systems, such as CCA-secure public key encryption (PKE), signature schemes, pseudorandom functions, and others primitives. In particular, by applying this paradigm to a (non-threshold) lattice signature system, we obtain the first single-round threshold signature scheme from LWE.

Category / Keywords: cryptographic protocols / fully homomorphic encryption, threshold cryptography, lattices, threshold signatures

Date: received 28 Sep 2017

Contact author: skim13 at cs stanford edu

Available format(s): PDF | BibTeX Citation

Note: This is a merged version of Eprint 2017/251 and 2017/257, with additional results.

Version: 20170929:122339 (All versions of this report)

Short URL: ia.cr/2017/956

Discussion forum: Show discussion | Start new discussion