Paper 2023/451

Non-interactive VSS using Class Groups and Application to DKG

Aniket Kate, Purdue University West Lafayette, Supra Research
Easwar Vivek Mangipudi, Supra Research
Pratyay Mukherjee, Supra Research
Hamza Saleem, Supra Research
Sri Aravinda Krishnan Thyagarajan, NTT Research

Verifiable secret sharing (VSS) allows a dealer to send shares of a secret value to parties such that each party receiving a share can verify (often interactively) if the received share was correctly generated. Non-interactive VSS (NI-VSS) allows the dealer to perform secret sharing such that every party (including an outsider) can verify their shares along with others’ without any interaction with the dealer as well as among themselves. Existing NI-VSS schemes employing either exponentiated ElGamal or lattice-based encryption schemes involve zero-knowledge range proofs, resulting in higher computational and communication complexities. In this work, we present cgVSS, a NI-VSS protocol that uses class groups for encryption. In cgVSS, the dealer encrypts the secret shares in the exponent through a class group encryption such that the parties can directly decrypt their shares. The existence of a subgroup where a discrete logarithm is tractable in a class group allows the receiver to efficiently decrypt the share though it is available in the exponent. This yields a novel-yet-simple VSS protocol where the dealer publishes the encryptions of the shares and the zero-knowledge proof of the correctness of the dealing. The linear homomorphic nature of the employed encryption scheme allows for an efficient zero-knowledge proof of correct sharing. Given the rise in demand for VSS protocols in the blockchain space, especially for publicly verifiable distributed key generation (DKG), our NI-VSS construction can be particularly impactful. We implement our cgVSS protocol using the BICYCL library and compare its performance with a simplified version of the state-of-the-art NI-VSS by Groth. Our implementation shows that cgVSS outperforms (a simplified implementation of) Groth’s protocol in overall communication complexity by 5.6x and about 2.4 − 2.7x in computation time per node (for a 150 node system).

Available format(s)
Cryptographic protocols
Publication info
Verifiable secret sharingNon-interactive VSSClass Groups
Contact author(s)
e mangipudi @ supraoracles com
2023-09-12: last of 2 revisions
2023-03-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Aniket Kate and Easwar Vivek Mangipudi and Pratyay Mukherjee and Hamza Saleem and Sri Aravinda Krishnan Thyagarajan},
      title = {Non-interactive VSS using Class Groups and Application to DKG},
      howpublished = {Cryptology ePrint Archive, Paper 2023/451},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.