Abstract
We construct the first actively-secure threshold version of the cryptosystem based on class groups from the so-called CL framework (Castagnos and Laguillaumie, 2015).
We show how to use our threshold scheme to achieve general universally composable (UC) secure multiparty computation (MPC) with only transparent set-up, i.e., with no secret trapdoors involved.
On the way to our goal, we design new zero-knowledge (ZK) protocols with constant communication complexity for proving multiplicative relations between encrypted values. This allows us to use the ZK proofs to achieve MPC with active security with only a constant factor overhead.
Finally, we adapt our protocol for the so-called “You-Only-Speak-Once” (YOSO) setting, which is a very promising recent approach for performing MPC over a blockchain. This is possible because our key generation protocol is simpler and requires significantly less interaction compared to previous approaches: in particular, our new key generation protocol allows the adversary to bias the public key, but we show that this has no impact on the security of the resulting cryptosystem.
Notes
1. We describe the issue in detail in the full version [9].
2. In follow-up work, we have observed that for the particular application to key generation, a slightly weaker reconstruction property suffices, namely that the product of x and a public constant modulo the group order can be reconstructed. This can be achieved without the dealer proving knowledge of x and hence the key generation can be made more efficient.
3. [11, Sec. 3.2] remarks that the randomness used in their instantiation of \(\textsf{CLGen}\) is not crucial for security, but traditionally random discriminants are used for class-group-based crypto. Hence, we can use publicly known randomness \(\rho \in \{0,1\}^\lambda \).
4.
5. [36] uses generators \(g_0, g := g_0^{\varDelta ^2}\) of maximal order in \(\mathbb {Z}_n^*\) and then \(g\) as base in the Feldman scheme. Rabin does not prove the reconstruction property, but claims it follows directly from Feldman’s work. We could not reproduce the proof and, therefore, use a slightly different construction.
6. For simplicity, we use the same bounds \([-S,+S]\) for each secret, but we could also specify separate bounds for each secret \(s_j \in [-S_j, +S_j]\) and sample the randomness \(r_j \in _R [A_j]\) s.t. \(S_j C / A_j\) is negligible for every \(j \in [m]\). This makes the protocol description more complicated, but it would be more efficient when we have secrets of different sizes.
7. Note that the soundness property does not require the existence of a witness \(\textbf{w}\) such that each \(w_j\) is within the range \([-S,+S]\).
8. The protocol of [28] prevents this kind of bias in the setting of prime-order groups. We could instantiate their protocol also in the unknown order setting, but the setup would be significantly more complicated.
9. Actually a weak form of extraction (see Sect. 5) will suffice, where we only extract a part of the witness. This is because the MPC protocol we describe here is a simple adaptation of \(\varPi _\textsf{ABB}^q\) for the non-YOSO model.
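Notes 6 and 7 rely on the standard statistical-masking argument used by ZK proofs over unknown-order groups: a prover answers a challenge \(c \le C\) about a secret \(s \in [-S,+S]\) with \(z = r + c \cdot s\), where \(r\) is uniform in \([A]\), and the response hides \(s\) up to statistical distance \(S C / A\). The following Python script is an added example, not code from the paper or its authors; it computes that distance exactly for small parameters and shows how a per-secret bound \(A_j\) can be chosen so that \(S_j C / A_j = 2^{-\lambda}\). The function names and the specific parameter values are my own, and the script models only the masking step, not the paper's full protocol.

```python
from fractions import Fraction


def response_distribution(s, c, A):
    """Exact distribution of z = r + c*s where r is uniform in [0, A).

    This is what the verifier sees for a secret s and challenge c; every
    value in the interval [c*s, c*s + A) has probability 1/A.
    """
    p = Fraction(1, A)
    return {c * s + r: p for r in range(A)}


def statistical_distance(p, q):
    """Statistical (total-variation) distance between two finite distributions."""
    keys = set(p) | set(q)
    return sum(abs(p.get(k, 0) - q.get(k, 0)) for k in keys) / 2


def max_leakage(S, C, A):
    """Worst-case distance between the response for any s in [-S, S] and
    the response for s = 0, over all challenges 1 <= c <= C.

    If this is negligible, a simulator that knows nothing about s can
    produce responses indistinguishable from the real prover's.
    """
    worst = Fraction(0)
    for c in range(1, C + 1):
        base = response_distribution(0, c, A)
        for s in range(-S, S + 1):
            d = statistical_distance(response_distribution(s, c, A), base)
            worst = max(worst, d)
    return worst


def hiding_bound(S, C, A):
    """The analytic bound S*C/A from note 6 (an upper bound on max_leakage)."""
    return Fraction(S * C, A)


def mask_bound_for(S_j, C, lam):
    """Per-secret randomness bound A_j so that S_j*C/A_j = 2^-lam.

    A larger secret bound S_j needs a proportionally larger mask; secrets
    with small S_j get a smaller (cheaper) mask, which is the efficiency
    gain note 6 describes.
    """
    return S_j * C * (1 << lam)


if __name__ == "__main__":
    # Constructed toy parameters: tiny so the exact computation is fast.
    S, C, A = 3, 4, 1000
    print("exact worst-case leakage:", max_leakage(S, C, A))
    print("analytic bound S*C/A:   ", hiding_bound(S, C, A))
    A_j = mask_bound_for(S, C, 10)
    print("A_j for 2^-10 hiding:   ", A_j, "->", hiding_bound(S, C, A_j))
```

The exact leakage equals the analytic bound here, which is why the bound in note 6 is tight: the two response intervals for \(s\) and \(0\) differ by exactly \(|c s|\) of their \(A\) values, so the distance is \(|c s| / A\), maximised at \(s = S\), \(c = C\). In a real instantiation \(A\) would be on the order of \(S C 2^{\lambda}\) for a statistical parameter \(\lambda\), as `mask_bound_for` computes.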
References
Abe, M., Fehr, S.: Adaptively secure Feldman VSS and applications to universally-composable threshold cryptography. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 317–334. Springer, Heidelberg (August 2004). https://doi.org/10.1007/978-3-540-28628-8_20
Abram, D., Damgård, I., Orlandi, C., Scholl, P.: An algebraic framework for silent preprocessing with trustless setup and active security. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part IV. LNCS, vol. 13510, pp. 421–452. Springer, Heidelberg (August 2022). https://doi.org/10.1007/978-3-031-15985-5_15
Arun, A., Ganesh, C., Lokam, S.V., Mopuri, T., Sridhar, S.: Dew: a transparent constant-sized polynomial commitment scheme. In: Boldyreva, A., Kolesnikov, V. (eds.) PKC 2023, Part II. LNCS, vol. 13941, pp. 542–571. Springer, Heidelberg (May 2023). https://doi.org/10.1007/978-3-031-31371-4_19
Baum, C., Cozzo, D., Smart, N.P.: Using TopGear in overdrive: a more efficient ZKPoK for SPDZ. In: Paterson, K.G., Stebila, D. (eds.) SAC 2019. LNCS, vol. 11959, pp. 274–302. Springer, Heidelberg (August 2019). https://doi.org/10.1007/978-3-030-38471-5_12
Beaver, D.: Efficient multiparty protocols using circuit randomization. In: Feigenbaum, J. (ed.) CRYPTO’91. LNCS, vol. 576, pp. 420–432. Springer, Heidelberg (August 1992). https://doi.org/10.1007/3-540-46766-1_34
Bendlin, R., Damgård, I., Orlandi, C., Zakarias, S.: Semi-homomorphic encryption and multiparty computation. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 169–188. Springer, Heidelberg (May 2011). https://doi.org/10.1007/978-3-642-20465-4_11
Benhamouda, F., et al.: Can a public blockchain keep a secret? In: Pass, R., Pietrzak, K. (eds.) TCC 2020, Part I. LNCS, vol. 12550, pp. 260–290. Springer, Heidelberg (November 2020). https://doi.org/10.1007/978-3-030-64375-1_10
Boneh, D., Bünz, B., Fisch, B.: A survey of two verifiable delay functions. Cryptology ePrint Archive, Report 2018/712 (2018). https://eprint.iacr.org/2018/712
Braun, L., Damgård, I., Orlandi, C.: Secure multiparty computation from threshold encryption based on class groups. Cryptology ePrint Archive, Report 2022/1437 (2022). https://eprint.iacr.org/2022/1437
Castagnos, G., Catalano, D., Laguillaumie, F., Savasta, F., Tucker, I.: Two-party ECDSA from hash proof systems and efficient instantiations. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part III. LNCS, vol. 11694, pp. 191–221. Springer, Heidelberg (August 2019). https://doi.org/10.1007/978-3-030-26954-8_7
Castagnos, G., Catalano, D., Laguillaumie, F., Savasta, F., Tucker, I.: Bandwidth-efficient threshold EC-DSA. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020, Part II. LNCS, vol. 12111, pp. 266–296. Springer, Heidelberg (May 2020). https://doi.org/10.1007/978-3-030-45388-6_10
Castagnos, G., Laguillaumie, F.: Linearly homomorphic encryption from \(\sf DDH\). In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 487–505. Springer, Heidelberg (April 2015). https://doi.org/10.1007/978-3-319-16715-2_26
Castagnos, G., Laguillaumie, F., Tucker, I.: Practical fully secure unrestricted inner product functional encryption modulo p. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018, Part II. LNCS, vol. 11273, pp. 733–764. Springer, Heidelberg (December 2018). https://doi.org/10.1007/978-3-030-03329-3_25
Castagnos, G., Laguillaumie, F., Tucker, I.: Threshold linearly homomorphic encryption on \(\textbf{Z} /2^{k}\textbf{Z} \). In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022, Part II. LNCS, vol. 13792, pp. 99–129. Springer, Heidelberg (December 2022). https://doi.org/10.1007/978-3-031-22966-4_4
Cohen, H., Lenstra, H.W.: Heuristics on class groups of number fields. In: Number Theory Noordwijkerhout 1983 (1984)
Cramer, R.: Modular design of secure yet practical cryptographic protocols. Ph.D. thesis, Universiteit van Amsterdam (1997)
Cramer, R., Damgård, I., Nielsen, J.B.: Multiparty computation from threshold homomorphic encryption. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 280–299. Springer, Heidelberg (May 2001). https://doi.org/10.1007/3-540-44987-6_18
Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (August 1994). https://doi.org/10.1007/3-540-48658-5_19
Cramer, R., Fehr, S.: Optimal black-box secret sharing over arbitrary Abelian groups. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 272–287. Springer, Heidelberg (August 2002). https://doi.org/10.1007/3-540-45708-9_18
Damgård, I., Nielsen, J.B.: Universally composable efficient multiparty computation from threshold homomorphic encryption. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 247–264. Springer, Heidelberg (August 2003). https://doi.org/10.1007/978-3-540-45146-4_15
Damgård, I., Pastro, V., Smart, N.P., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (August 2012). https://doi.org/10.1007/978-3-642-32009-5_38
Damgård, I., Thorbek, R.: Linear integer secret sharing and distributed exponentiation. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 75–90. Springer, Heidelberg (April 2006). https://doi.org/10.1007/11745853_6
Desmedt, Y., Frankel, Y.: Shared generation of authenticators and signatures (extended abstract). In: Feigenbaum, J. (ed.) CRYPTO’91. LNCS, vol. 576, pp. 457–469. Springer, Heidelberg (August 1992). https://doi.org/10.1007/3-540-46766-1_37
Erwig, A., Faust, S., Riahi, S.: Large-scale non-interactive threshold cryptosystems through anonymity. Cryptology ePrint Archive, Report 2021/1290 (2021). https://eprint.iacr.org/2021/1290
Feldman, P.: A practical scheme for non-interactive verifiable secret sharing. In: 28th FOCS. pp. 427–437. IEEE Computer Society Press (October 1987). https://doi.org/10.1109/SFCS.1987.4
Fischlin, M.: Communication-efficient non-interactive proofs of knowledge with online extractors. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 152–168. Springer, Heidelberg (August 2005). https://doi.org/10.1007/11535218_10
Frankel, Y., Gemmell, P., MacKenzie, P.D., Yung, M.: Optimal resilience proactive public-key cryptosystems. In: 38th FOCS. pp. 384–393. IEEE Computer Society Press (October 1997). https://doi.org/10.1109/SFCS.1997.646127
Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. J. Cryptol. 20(1), 51–83 (2006). https://doi.org/10.1007/s00145-006-0347-3
Gentry, C., et al.: YOSO: You only speak once - secure MPC with stateless ephemeral roles. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part II. LNCS, vol. 12826, pp. 64–93. Springer, Heidelberg, Virtual Event (August 2021). https://doi.org/10.1007/978-3-030-84245-1_3
Gordon, S.D., Le, P.H., McVicker, D.: Linear communication in malicious majority MPC. Cryptology ePrint Archive, Report 2022/781 (2022). https://eprint.iacr.org/2022/781
Keller, M., Pastro, V., Rotaru, D.: Overdrive: making SPDZ great again. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part III. LNCS, vol. 10822, pp. 158–189. Springer, Heidelberg (April/May 2018). https://doi.org/10.1007/978-3-319-78372-7_6
Kolby, S., Ravi, D., Yakoubov, S.: Towards efficient YOSO MPC without setup. Cryptology ePrint Archive, Report 2022/187 (2022). https://eprint.iacr.org/2022/187
Okamoto, T., Pointcheval, D.: The gap-problems: A new class of problems for the security of cryptographic schemes. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 104–118. Springer, Heidelberg (February 2001). https://doi.org/10.1007/3-540-44586-2_8
Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT’99. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (May 1999). https://doi.org/10.1007/3-540-48910-X_16
Pietrzak, K.: Simple verifiable delay functions. In: Blum, A. (ed.) ITCS 2019. LIPIcs, vol. 124, pp. 60:1–60:15 (January 2019). https://doi.org/10.4230/LIPIcs.ITCS.2019.60
Rabin, T.: A simplified approach to threshold and proactive RSA. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 89–104. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055722
Shamir, A.: How to share a secret. Commun. Assoc. Comput. Mach. 22(11), 612–613 (1979)
Tucker, I.: Chiffrement fonctionnel et signatures distribuées fondés sur des fonctions de hachage à projection, l’apport des groupes de classes. Ph.D. thesis, École normale supérieure de Lyon (2020)
Wesolowski, B.: Efficient verifiable delay functions. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part III. LNCS, vol. 11478, pp. 379–407. Springer, Heidelberg (May 2019). https://doi.org/10.1007/978-3-030-17659-4_13
Acknowledgements
This research was supported by the Concordium Blockchain Research Center, Aarhus University, Denmark, the Carlsberg Foundation under the Semper Ardens Research Project CF18-112 (BCM), and the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme under grant agreement No 803096 (SPEC). We thank Guilhem Castagnos, Fabien Laguillaumie, and Ida Tucker for clarifications regarding the CL framework.
© 2023 International Association for Cryptologic Research
Cite this paper
Braun, L., Damgård, I., Orlandi, C. (2023). Secure Multiparty Computation from Threshold Encryption Based on Class Groups. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14081. Springer, Cham. https://doi.org/10.1007/978-3-031-38557-5_20
DOI: https://doi.org/10.1007/978-3-031-38557-5_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-38556-8
Online ISBN: 978-3-031-38557-5