Paper 2021/630

Non-Interactive CCA2-Secure Threshold Cryptosystems: Achieving Adaptive Security in the Standard Model Without Pairings

Julien Devevey, Benoît Libert, Khoa Nguyen, Thomas Peters, and Moti Yung


We consider threshold public-key encryption, where the decryption servers distributively hold the private key shares, and we need a threshold of these servers to decrypt the message (while the system remains secure when less than the threshold is corrupt). We investigate the notion of chosen-ciphertext secure threshold systems which has been historically hard to achieve. We further require the systems to be, both, adaptively secure (i.e., secure against a strong adversary making corruption decisions dynamically during the protocol), and non-interactive (i.e., where decryption servers do not interact amongst themselves but rather efficiently contribute, each, a single message). To date, only pairing-based implementations were known to achieve security in the standard security model without relaxation (i.e., without assuming the random oracle idealization) under the above stringent requirements. Here, we investigate how to achieve the above using other assumptions (in order to understand what other algebraic building blocks and mathematical assumptions are needed to extend the domain of encryption methods achieving the above). Specifically, we show realizations under the Decision Composite Residuosity (DCR) and Learning-With-Errors (LWE) assumptions.

Available format(s)
Public-key cryptography
Publication info
A major revision of an IACR publication in PKC 2021
Threshold cryptographyadaptive securitynon-interactive schemesstandard modelchosen-ciphertext securityDCRLWE
Contact author(s)
julien devevey @ ens-lyon fr
benoit libert @ ens-lyon fr
khoantt @ ntu edu sg
thomas peters @ uclouvain be
motiyung @ gmail com
2021-05-24: revised
2021-05-17: received
See all versions
Short URL
Creative Commons Attribution


      author = {Julien Devevey and Benoît Libert and Khoa Nguyen and Thomas Peters and Moti Yung},
      title = {Non-Interactive CCA2-Secure Threshold Cryptosystems: Achieving Adaptive Security in the Standard Model Without Pairings},
      howpublished = {Cryptology ePrint Archive, Paper 2021/630},
      year = {2021},
      doi = {10.1007/978-3-030-75245-3_24},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.