Paper 2017/956

Threshold Cryptosystems From Threshold Fully Homomorphic Encryption

Dan Boneh, Rosario Gennaro, Steven Goldfeder, Aayush Jain, Sam Kim, Peter M. R. Rasmussen, and Amit Sahai


We develop a general approach to adding a threshold functionality to a large class of (non- threshold) cryptographic schemes. A threshold functionality enables a secret key to be split into a number of shares, so that only a threshold of parties can use the key, without reconstructing the key. We begin by constructing a threshold fully-homomorphic encryption scheme (TFHE) from the learning with errors (LWE) problem. We next introduce a new concept, called a universal thresholdizer, from which many threshold systems are possible. We show how to construct a universal thresholdizer from our TFHE. A universal thresholdizer can be used to add threshold functionality to many systems, such as CCA-secure public key encryption (PKE), signature schemes, pseudorandom functions, and others primitives. In particular, by applying this paradigm to a (non-threshold) lattice signature system, we obtain the first single-round threshold signature scheme from LWE.

Note: This is a merged version of Eprint 2017/251 and 2017/257, with additional results.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
fully homomorphic encryptionthreshold cryptographylatticesthreshold signatures
Contact author(s)
skim13 @ cs stanford edu
2017-09-29: received
Short URL
Creative Commons Attribution


      author = {Dan Boneh and Rosario Gennaro and Steven Goldfeder and Aayush Jain and Sam Kim and Peter M.  R.  Rasmussen and Amit Sahai},
      title = {Threshold Cryptosystems From Threshold Fully Homomorphic Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2017/956},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.