17,287 research outputs found
Dynamic Threshold Public-Key Encryption
The original publication is available at www.springerlink.com. International audience. This paper deals with threshold public-key encryption which allows a pool of players to decrypt a ciphertext if a given threshold of authorized players cooperate. We generalize this primitive to the dynamic setting, where any user can dynamically join the system, as a possible recipient; the sender can dynamically choose the authorized set of recipients, for each ciphertext; and the sender can dynamically set the threshold t for decryption capability among the authorized set. We first give a formal security model, which includes strong robustness notions, and then we propose a candidate achieving all the above dynamic properties, that is semantically secure in the standard model, under a new non-interactive assumption, that fits into the general Diffie-Hellman exponent framework on groups with a bilinear map. It furthermore compares favorably with previous proposals, a.k.a. threshold broadcast encryption, since this is the first threshold public-key encryption, with dynamic authorized set of recipients and dynamic threshold that provides constant-size ciphertexts.
Decentralized Threshold Signatures with Dynamically Private Accountability
Threshold signatures are a fundamental cryptographic primitive used in many
practical applications. As proposed by Boneh and Komlo (CRYPTO'22), TAPS is a
threshold signature that is a hybrid of privacy and accountability. It enables
a combiner to combine t signature shares while revealing nothing about the
threshold t or signing quorum to the public and asks a tracer to track a
signature to the quorum that generates it. However, TAPS has three
disadvantages: it 1) structures upon a centralized model, 2) assumes that both
combiner and tracer are honest, and 3) leaves the tracing unnotarized and
static. In this work, we introduce Decentralized, Threshold, dynamically
Accountable and Private Signature (DeTAPS) that provides decentralized
combining and tracing, enhanced privacy against untrusted combiners (tracers),
and notarized and dynamic tracing. Specifically, we adopt Dynamic Threshold
Public-Key Encryption (DTPKE) to dynamically notarize the tracing process,
design non-interactive zero knowledge proofs to achieve public verifiability of
notaries, and utilize the Key-Aggregate Searchable Encryption to bridge TAPS
and DTPKE so as to awaken the notaries securely and efficiently. In addition,
we formalize the definitions and security requirements for DeTAPS. Then we
present a generic construction and formally prove its security and privacy. To
evaluate the performance, we build a prototype based on SGX2 and Ethereum.
Threshold Encryption with Silent Setup
We build a concretely efficient threshold encryption scheme where the joint public key of a set of parties is computed as a deterministic function of their locally computed public keys, enabling a silent setup phase. By eliminating interaction from the setup phase, our scheme immediately enjoys several highly desirable features such as asynchronous setup, multiverse support, and dynamic threshold.
Prior to our work, the only known constructions of threshold encryption with silent setup relied on heavy cryptographic machinery such as indistinguishability Obfuscation or witness encryption for all of . Our core technical innovation lies in building a special purpose witness encryption scheme for the statement "at least parties have signed a given message". Our construction relies on pairings and is proved secure in the Generic Group Model.
Notably, our construction, restricted to the special case of threshold , gives an alternative construction of the (flexible) distributed broadcast encryption from pairings, which has been the central focus of several recent works.
We implement and evaluate our scheme to demonstrate its concrete efficiency. Both encryption and partial decryption are constant time, taking ms and ms, respectively. For a committee of parties, the aggregation of partial decryptions takes ms, when all parties provide partial decryptions. The size of each ciphertext is larger than an ElGamal ciphertext.
THRIVE: Threshold Homomorphic encryption based secure and privacy preserving bIometric VErification system
In this paper, we propose a new biometric verification and template
protection system which we call the THRIVE system. The system includes novel
enrollment and authentication protocols based on threshold homomorphic
cryptosystem where the private key is shared between a user and the verifier.
In the THRIVE system, only encrypted binary biometric templates are stored in
the database and verification is performed via homomorphically randomized
templates, thus, original templates are never revealed during the
authentication stage. The THRIVE system is designed for the malicious model
where the cheating party may arbitrarily deviate from the protocol
specification. Since threshold homomorphic encryption scheme is used, a
malicious database owner cannot perform decryption on encrypted templates of
the users in the database. Therefore, security of the THRIVE system is enhanced
using a two-factor authentication scheme involving the user's private key and
the biometric data. We prove security and privacy preservation capability of
the proposed system in the simulation-based model with no assumption. The
proposed system is suitable for applications where the user does not want to
reveal her biometrics to the verifier in plain form but she needs to prove her
physical presence by using biometrics. The system can be used with any
biometric modality and biometric feature extraction scheme whose output
templates can be binarized. The overall connection time for the proposed THRIVE
system is estimated to be 336 ms on average for 256-bit biohash vectors on a
desktop PC running with quad-core 3.2 GHz CPUs at 10 Mbit/s up/down link
connection speed. Consequently, the proposed system can be efficiently used in
real life applications.