Paper 2024/263

Threshold Encryption with Silent Setup

Sanjam Garg, UC Berkeley
Dimitris Kolonelos, IMDEA Software Institute, Universidad Politécnica de Madrid
Guru-Vamsi Policharla, UC Berkeley
Mingyuan Wang, UC Berkeley

We build a concretely efficient threshold encryption scheme where the joint public key of a set of parties is computed as a deterministic function of their locally computed public keys, enabling a silent setup phase. By eliminating interaction from the setup phase, our scheme immediately enjoys several highly desirable features such as asynchronous setup, multiverse support, and dynamic threshold. Prior to our work, the only known constructions of threshold encryption with silent setup relied on heavy cryptographic machinery such as indistinguishability Obfuscation or witness encryption for all of $\mathsf{NP}$. Our core technical innovation lies in building a special purpose witness encryption scheme for the statement ``at least $t$ parties have signed a given message''. Our construction relies on pairings and is proved secure in the Generic Group Model. Notably, our construction, restricted to the special case of threshold $t=1$, gives an alternative construction of the (flexible) distributed broadcast encryption from pairings, which has been the central focus of several recent works. We implement and evaluate our scheme to demonstrate its concrete efficiency. Both encryption and partial decryption are constant time, taking $<7\,$ms and $<1\,$ms, respectively. For a committee of $1024$ parties, the aggregation of partial decryptions takes $<200\,$ms, when all parties provide partial decryptions. The size of each ciphertext is $\approx 8\times$ larger than an ElGamal ciphertext.

Available format(s)
Public-key cryptography
Publication info
Threshold EncryptionSilent SetupFlexible Broadcast Encryption
Contact author(s)
sanjamg @ berkeley edu
dimitris kolonelos @ imdea org
guruvamsip @ berkeley edu
mingyuan @ berkeley edu
2024-02-19: approved
2024-02-16: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sanjam Garg and Dimitris Kolonelos and Guru-Vamsi Policharla and Mingyuan Wang},
      title = {Threshold Encryption with Silent Setup},
      howpublished = {Cryptology ePrint Archive, Paper 2024/263},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.