Threshold Cryptosystems Based on Factoring

We consider threshold cryptosystems over a composite modulus N where the factors of N are shared among the participants as the secret key. This is a new paradigm for threshold cryptosystems based on a composite modulus, differing from the typical treatment of RSA-based systems where a "decryption exponent" is shared among the participants. Our approach yields solutions to some open problems in threshold cryptography; in particular, we obtain the following: 1. Threshold Homomorphic Encryption. A number of applications (e.g., electronic voting or efficient multi-party computation) require threshold homomorphic encryption schemes. We present a protocol for threshold decryption of the homomorphic Goldwasser-Micali encryption scheme [34], answering an open question of [21]. 2. Threshold Cryptosystems as Secure as Factoring. We describe a threshold version of a variant of the signature standards ISO 9796-2 and PKCS#1 v1.5 (cf. [39, Section 11.3.4]), thus giving the first threshold signature scheme whose security (in the random oracle model) is equivalent to the hardness of factoring [12]. Our techniques may be adapted to distribute the Rabin encryption scheme [44] whose semantic security may be reduced to the hardness of factoring. 3. Efficient Threshold Schemes without a Trusted Dealer. Because our schemes only require sharing of N - which furthermore need not be a product of strong primes - our schemes are very efficient (compared to previous schemes) when a trusted dealer is not assumed and key generation is done in a distributed manner.Extensions to achieve robustness and proactivation are also possible with our schemes.

[1]  Hugo Krawczyk,et al.  Robust Threshold DSS Signatures , 1996, Inf. Comput..

[2]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[3]  Jean-Sébastien Coron,et al.  Security Proof for Partial-Domain Hash Signature Schemes , 2002, CRYPTO.

[4]  Ivan Damgård,et al.  Practical Threshold RSA Signatures without a Trusted Dealer , 2000, EUROCRYPT.

[5]  Torben P. Pedersen A Threshold Cryptosystem without a Trusted Party (Extended Abstract) , 1991, EUROCRYPT.

[6]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[7]  Mihir Bellare,et al.  The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.

[8]  Jacques Stern,et al.  Fully Distributed Threshold RSA under Standard Assumptions , 2001, ASIACRYPT.

[9]  Rosario Gennaro,et al.  Securing Threshold Cryptosystems against Chosen Ciphertext Attack , 1998, Journal of Cryptology.

[10]  Moni Naor,et al.  Adaptively secure multi-party computation , 1996, STOC '96.

[11]  Rafail Ostrovsky,et al.  How To Withstand Mobile Virus Attacks , 1991, PODC 1991.

[12]  Matthew K. Franklin,et al.  Joint Encryption and Message-Efficient Secure Computation , 1993, CRYPTO.

[13]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[14]  Shai Halevi,et al.  Computing Inverses over a Shared Secret Modulus , 2000, EUROCRYPT.

[15]  Moti Yung,et al.  How to share a function securely , 1994, STOC '94.

[16]  Tal Rabin,et al.  A Simplified Approach to Threshold and Proactive RSA , 1998, CRYPTO.

[17]  Yvo Desmedt,et al.  Shared Generation of Authenticators and Signatures (Extended Abstract) , 1991, CRYPTO.

[18]  David Chaum,et al.  Wallet Databases with Observers , 1992, CRYPTO.

[19]  Matthew K. Franklin,et al.  Efficient Generation of Shared RSA Keys (Extended Abstract) , 1997, CRYPTO.

[20]  M. Rabin DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION , 1979 .

[21]  Moti Yung,et al.  Proactive RSA , 1997, CRYPTO.

[22]  Moti Yung,et al.  Witness-based cryptographic program checking and robust function sharing , 1996, STOC '96.

[23]  Hugo Krawczyk,et al.  Robust and Efficient Sharing of RSA Functions , 2000, Journal of Cryptology.

[24]  Rafail Ostrovsky,et al.  Replication is not needed: single database, computationally-private information retrieval , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[25]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[26]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[27]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[28]  Moti Yung,et al.  Adaptively secure distributed public-key systems , 2002, Theor. Comput. Sci..

[29]  Jacques Stern,et al.  Sharing Decryption in the Context of Voting or Lotteries , 2000, Financial Cryptography.

[30]  I. Damgård,et al.  A Generalisation, a Simplification and some Applications of Paillier’s Probabilistic Public-Key System , 2000 .

[31]  Hugo Krawczyk,et al.  Secure Distributed Key Generation for Discrete-Log Based Cryptosystems , 1999, EUROCRYPT.

[32]  Ran Canetti,et al.  An Efficient Threshold Public Key Cryptosystem Secure Against Adaptive Chosen Ciphertext Attack , 1999, EUROCRYPT.

[33]  Jonathan Katz,et al.  Cryptographic Counters and Applications to Electronic Voting , 2001, EUROCRYPT.

[34]  Hugo Krawczyk,et al.  Robust Threshold DSS Signatures , 1996, EUROCRYPT.

[35]  Yvo Desmedt,et al.  Society and Group Oriented Cryptography: A New Concept , 1987, CRYPTO.

[36]  Jan Camenisch,et al.  Efficient Computation Modulo a Shared Secret with Application to the Generation of Shared Safe-Prime Products , 2002, CRYPTO.

[37]  Stanislaw Jarecki,et al.  Adaptively Secure Threshold Cryptography: Introducing Concurrency, Removing Erasures , 2000, EUROCRYPT.

[38]  Moti Yung,et al.  Robust efficient distributed RSA-key generation , 1998, STOC '98.

[39]  Donald Beaver,et al.  Cryptographic Protocols Provably Secure Against Dynamic Adversaries , 1992, EUROCRYPT.

[40]  Hugo Krawczyk,et al.  Adaptive Security for Threshold Cryptosystems , 1999, CRYPTO.

[41]  John B. Shoven,et al.  I , Edinburgh Medical and Surgical Journal.

[42]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[43]  Moti Yung,et al.  Optimal-resilience proactive public-key cryptosystems , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[44]  Ivan Damgård,et al.  Multiparty Computation from Threshold Homomorphic Encryption , 2000, EUROCRYPT.

[45]  David Pointcheval,et al.  Threshold Cryptosystems Secure against Chosen-Ciphertext Attacks , 2001, ASIACRYPT.

[46]  Moti Yung,et al.  Robust efficient distributed RSA-key generation , 1998, STOC '98.

[47]  Markus Jakobsson,et al.  Proactive public key and signature systems , 1997, CCS '97.

[48]  Rafail Ostrovsky,et al.  How to withstand mobile virus attacks (extended abstract) , 1991, PODC '91.

[49]  Matthew K. Franklin,et al.  Efficient generation of shared RSA keys , 2001, JACM.

[50]  Yair Frankel,et al.  A Practical Protocol for Large Group Oriented Networks , 1990, EUROCRYPT.

[51]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[52]  Victor Shoup,et al.  Practical Threshold Signatures , 2000, EUROCRYPT.