Paper 2024/007

Password Protected Universal Thresholdizer

Abstract

Universal thresholdizer (UT) was proposed by Boneh et al. in CRYPTO'18 as a general framework for thresholdizing non-threshold cryptographic primitives where a set of $N$ servers, each gets a share such that any set of $k$ servers, each produces a partial result, which can be combined to generate the final result. In many applications of threshold cryptography such as the protection of private keys in a digital wallet, the combining operation of partial results must be protected. In this paper, we extend the UT framework to include password authentication for such protection. We formalize the notion of password protected universal thresholdizer (PPUT) that requires the knowledge of a password to execute the protocol, propose a general construction of PPUT, and prove its security. Our construction uses threshold password authenticated key exchange (TPAKE) with simulation-based security as one of the main building blocks. We define simulation-based security of TPAKE in stand-alone model and give a construction using threshold fully-homomorphic encryption. As an application of PPUT, we propose a new primitive called password protected threshold signature. All the proposed constructions are secure in the standard model, and can be instantiated from lattices.