Adaptively Secure Threshold Cryptography: Introducing Concurrency, Removing Erasures

We put forward two new measures of security for threshold schemes secure in the adaptive adversary model: security under concurrent composition, and security without the assumption of reliable erasure. Using novel constructions and analytical tools, in both of these settings we exhibit efficient secure threshold protocols for a variety of cryptographic applications. In particular, based on the recent scheme by Cramer and Shoup, we construct adaptively secure threshold cryptosystems secure against adaptive chosen ciphertext attack under the DDH intractability assumption. Our techniques are also applicable to other cryptosystems and signature schemes, such as RSA, DSS, and ElGamal. Our techniques include the first efficient implementation, for a wide but special class of protocols, of secure channels in the erasure-free adaptive model. Of independent interest, we present the notion of a committed proof.
