Cryptology ePrint Archive: Report 2018/727

DiSE: Distributed Symmetric-key Encryption

Shashank Agrawal and Payman Mohassel and Pratyay Mukherjee and Peter Rindal

Abstract: Threshold cryptography provides a mechanism for protecting secret keys by sharing them among multiple parties, who then jointly perform cryptographic operations. An attacker who corrupts upto a threshold number of parties cannot recover the secrets or violate security. Prior works in this space have mostly focused on definitions and constructions for public-key cryptography and digital signatures, and thus do not capture the security concerns and efficiency challenges of symmetric-key based applications which commonly use long-term (unprotected) master keys to protect data at rest, authenticate clients on enterprise networks, and secure data and payments on IoT devices.

We put forth the first formal treatment for distributed symmetric-key encryption, proposing new notions of correctness, privacy and authenticity in presence of malicious attackers. We provide strong and intuitive game-based definitions that are easy to understand and yield efficient constructions.

We propose a generic construction of threshold authenticated encryption based on any distributed pseudorandom function (DPRF). When instantiated with the two different DPRF constructions proposed by Naor, Pinkas and Reingold (Eurocrypt 1999) and our enhanced versions, we obtain several efficient constructions meeting different security definitions. We implement these variants and provide extensive performance comparisons. Our most efficient instantiation uses only symmetric-key primitives and achieves a throughput of upto 1 million encryptions/decryptions per seconds, or alternatively a sub-millisecond latency with upto 18 participating parties.

Category / Keywords: secret-key cryptography / Threshold Cryptography, Authenticated Encryption

Original Publication (with minor differences): ACM CCS 2018
DOI:
10.1145/3243734.3243774

Date: received 6 Aug 2018, last revised 19 Sep 2018

Contact author: pratyay85 at gmail com

Available format(s): PDF | BibTeX Citation

Note: A minor fix.

Version: 20180919:180045 (All versions of this report)

Short URL: ia.cr/2018/727


[ Cryptology ePrint archive ]