Cryptology ePrint Archive: Report 2021/630

Non-Interactive CCA2-Secure Threshold Cryptosystems: Achieving Adaptive Security in the Standard Model Without Pairings

Julien Devevey and Benoît Libert and Khoa Nguyen and Thomas Peters and Moti Yung

Abstract: We consider threshold public-key encryption, where the decryption servers distributively hold the private key shares, and we need a threshold of these servers to decrypt the message (while the system remains secure when less than the threshold is corrupt). We investigate the notion of chosen-ciphertext secure threshold systems which has been historically hard to achieve. We further require the systems to be, both, adaptively secure (i.e., secure against a strong adversary making corruption decisions dynamically during the protocol), and non-interactive (i.e., where decryption servers do not interact amongst themselves but rather efficiently contribute, each, a single message). To date, only pairing-based implementations were known to achieve security in the standard security model without relaxation (i.e., without assuming the random oracle idealization) under the above stringent requirements. Here, we investigate how to achieve the above using other assumptions (in order to understand what other algebraic building blocks and mathematical assumptions are needed to extend the domain of encryption methods achieving the above). Specifically, we show realizations under the Decision Composite Residuosity (DCR) and Learning-With-Errors (LWE) assumptions.

Category / Keywords: public-key cryptography / Threshold cryptography, adaptive security, non-interactive schemes, standard model, chosen-ciphertext security, DCR, LWE

Original Publication (with major differences): IACR-PKC-2021

Date: received 13 May 2021, last revised 24 May 2021

Contact author: julien devevey at ens-lyon fr, benoit libert at ens-lyon fr, khoantt at ntu edu sg, thomas peters at uclouvain be, motiyung at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20210524:091156 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]