Secure Multiparty Computation from Threshold Encryption Based on Class Groups

  • Conference paper
Advances in Cryptology – CRYPTO 2023 (CRYPTO 2023)

Abstract

We construct the first actively-secure threshold version of the cryptosystem based on class groups from the so-called CL framework (Castagnos and Laguillaumie, 2015).

We show how to use our threshold scheme to achieve general universally composable (UC) secure multiparty computation (MPC) with only transparent set-up, i.e., with no secret trapdoors involved.

On the way to our goal, we design new zero-knowledge (ZK) protocols with constant communication complexity for proving multiplicative relations between encrypted values. This allows us to use the ZK proofs to achieve MPC with active security with only a constant factor overhead.

Finally, we adapt our protocol for the so called “You-Only-Speak-Once” (YOSO) setting, which is a very promising recent approach for performing MPC over a blockchain. This is possible because our key generation protocol is simpler and requires significantly less interaction compared to previous approaches: in particular, our new key generation protocol allows the adversary to bias the public key, but we show that this has no impact on the security of the resulting cryptosystem.

Notes

  1. We describe the issue in detail in the full version [9].

  2. In follow-up work, we have observed that for the particular application to key generation, a slightly weaker reconstruction property suffices, namely that the product of x and a public constant modulo the group order can be reconstructed. This can be achieved without the dealer proving knowledge of x and hence the key generation can be made more efficient.

  3. [11, Sec. 3.2] remarks that the randomness used in their instantiation of \(\textsf{CLGen}\) is not crucial for security, but traditionally random discriminants are used for class-group-based crypto. Hence, we can use publicly known randomness \(\rho \in \{0,1\}^\lambda \).

  4. We can see Protocol 1 as a linear integer secret sharing (LISS) [19, 22] variant, with the difference that we reconstruct \(\alpha \cdot \varDelta ^2\). The distribution matrix is a Vandermonde matrix, and the distribution vector is the vector of coefficients of the polynomial.

  5. [36] uses generators \(g_0, g := g_0^{\varDelta ^2}\) of maximal order in \(\mathbb {Z}_n^*\) and then \(g\) as base in the Feldman scheme. Rabin does not prove the reconstruction property, but claims it follows directly from Feldman’s work. We could not reproduce the proof and, therefore, use a slightly different construction.

  6. For simplicity, we use the same bounds \([-S,+S]\) for each secret, but we could also specify separate bounds for each secret \(s_j \in [-S_j, +S_j]\) and sample the randomness \(r_j \in _R [A_j]\) s.t. \(S_j C / A_j\) is negligible for every \(j \in [m]\). This makes the protocol description more complicated, but it would be more efficient when we have secrets of different sizes.

  7. Note that the soundness property does not require the existence of a witness \(\textbf{w}\) such that each \(w_j\) is within the range \([-S,+S]\).

  8. The protocol of [28] prevents this kind of bias in the setting of prime-order groups. We could instantiate their protocol also in the unknown order setting, but the setup would be significantly more complicated.

  9. Actually a weak form of extraction (see Sect. 5) will suffice, where we only extract a part of the witness. This is because the MPC protocol we describe here is a simple adaptation of \(\varPi _\textsf{ABB}^q\) for the non-YOSO model.

References

  1. Abe, M., Fehr, S.: Adaptively secure Feldman VSS and applications to universally-composable threshold cryptography. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 317–334. Springer, Heidelberg (August 2004). https://doi.org/10.1007/978-3-540-28628-8_20

  2. Abram, D., Damgård, I., Orlandi, C., Scholl, P.: An algebraic framework for silent preprocessing with trustless setup and active security. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part IV. LNCS, vol. 13510, pp. 421–452. Springer, Heidelberg (August 2022). https://doi.org/10.1007/978-3-031-15985-5_15

  3. Arun, A., Ganesh, C., Lokam, S.V., Mopuri, T., Sridhar, S.: Dew: a transparent constant-sized polynomial commitment scheme. In: Boldyreva, A., Kolesnikov, V. (eds.) PKC 2023, Part II. LNCS, vol. 13941, pp. 542–571. Springer, Heidelberg (May 2023). https://doi.org/10.1007/978-3-031-31371-4_19

  4. Baum, C., Cozzo, D., Smart, N.P.: Using TopGear in overdrive: a more efficient ZKPoK for SPDZ. In: Paterson, K.G., Stebila, D. (eds.) SAC 2019. LNCS, vol. 11959, pp. 274–302. Springer, Heidelberg (August 2019). https://doi.org/10.1007/978-3-030-38471-5_12

  5. Beaver, D.: Efficient multiparty protocols using circuit randomization. In: Feigenbaum, J. (ed.) CRYPTO’91. LNCS, vol. 576, pp. 420–432. Springer, Heidelberg (August 1992). https://doi.org/10.1007/3-540-46766-1_34

  6. Bendlin, R., Damgård, I., Orlandi, C., Zakarias, S.: Semi-homomorphic encryption and multiparty computation. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 169–188. Springer, Heidelberg (May 2011). https://doi.org/10.1007/978-3-642-20465-4_11

  7. Benhamouda, F., et al.: Can a public blockchain keep a secret? In: Pass, R., Pietrzak, K. (eds.) TCC 2020, Part I. LNCS, vol. 12550, pp. 260–290. Springer, Heidelberg (November 2020). https://doi.org/10.1007/978-3-030-64375-1_10

  8. Boneh, D., Bünz, B., Fisch, B.: A survey of two verifiable delay functions. Cryptology ePrint Archive, Report 2018/712 (2018). https://eprint.iacr.org/2018/712

  9. Braun, L., Damgård, I., Orlandi, C.: Secure multiparty computation from threshold encryption based on class groups. Cryptology ePrint Archive, Report 2022/1437 (2022). https://eprint.iacr.org/2022/1437

  10. Castagnos, G., Catalano, D., Laguillaumie, F., Savasta, F., Tucker, I.: Two-party ECDSA from hash proof systems and efficient instantiations. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part III. LNCS, vol. 11694, pp. 191–221. Springer, Heidelberg (August 2019). https://doi.org/10.1007/978-3-030-26954-8_7

  11. Castagnos, G., Catalano, D., Laguillaumie, F., Savasta, F., Tucker, I.: Bandwidth-efficient threshold EC-DSA. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020, Part II. LNCS, vol. 12111, pp. 266–296. Springer, Heidelberg (May 2020). https://doi.org/10.1007/978-3-030-45388-6_10

  12. Castagnos, G., Laguillaumie, F.: Linearly homomorphic encryption from \(\sf DDH\). In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 487–505. Springer, Heidelberg (April 2015). https://doi.org/10.1007/978-3-319-16715-2_26

  13. Castagnos, G., Laguillaumie, F., Tucker, I.: Practical fully secure unrestricted inner product functional encryption modulo p. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018, Part II. LNCS, vol. 11273, pp. 733–764. Springer, Heidelberg (December 2018). https://doi.org/10.1007/978-3-030-03329-3_25

  14. Castagnos, G., Laguillaumie, F., Tucker, I.: Threshold linearly homomorphic encryption on \(\textbf{Z} /2^{k}\textbf{Z} \). In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022, Part II. LNCS, vol. 13792, pp. 99–129. Springer, Heidelberg (December 2022). https://doi.org/10.1007/978-3-031-22966-4_4

  15. Cohen, H., Lenstra, H.W.: Heuristics on class groups of number fields. In: Number Theory Noordwijkerhout 1983 (1984)

  16. Cramer, R.: Modular design of secure yet practical cryptographic protocols. Ph.D. thesis, Universiteit van Amsterdam (1997)

  17. Cramer, R., Damgård, I., Nielsen, J.B.: Multiparty computation from threshold homomorphic encryption. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 280–299. Springer, Heidelberg (May 2001). https://doi.org/10.1007/3-540-44987-6_18

  18. Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (August 1994). https://doi.org/10.1007/3-540-48658-5_19

  19. Cramer, R., Fehr, S.: Optimal black-box secret sharing over arbitrary Abelian groups. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 272–287. Springer, Heidelberg (August 2002). https://doi.org/10.1007/3-540-45708-9_18

  20. Damgård, I., Nielsen, J.B.: Universally composable efficient multiparty computation from threshold homomorphic encryption. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 247–264. Springer, Heidelberg (August 2003). https://doi.org/10.1007/978-3-540-45146-4_15

  21. Damgård, I., Pastro, V., Smart, N.P., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (August 2012). https://doi.org/10.1007/978-3-642-32009-5_38

  22. Damgård, I., Thorbek, R.: Linear integer secret sharing and distributed exponentiation. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 75–90. Springer, Heidelberg (April 2006). https://doi.org/10.1007/11745853_6

  23. Desmedt, Y., Frankel, Y.: Shared generation of authenticators and signatures (extended abstract). In: Feigenbaum, J. (ed.) CRYPTO’91. LNCS, vol. 576, pp. 457–469. Springer, Heidelberg (August 1992). https://doi.org/10.1007/3-540-46766-1_37

  24. Erwig, A., Faust, S., Riahi, S.: Large-scale non-interactive threshold cryptosystems through anonymity. Cryptology ePrint Archive, Report 2021/1290 (2021). https://eprint.iacr.org/2021/1290

  25. Feldman, P.: A practical scheme for non-interactive verifiable secret sharing. In: 28th FOCS. pp. 427–437. IEEE Computer Society Press (October 1987). https://doi.org/10.1109/SFCS.1987.4

  26. Fischlin, M.: Communication-efficient non-interactive proofs of knowledge with online extractors. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 152–168. Springer, Heidelberg (August 2005). https://doi.org/10.1007/11535218_10

  27. Frankel, Y., Gemmell, P., MacKenzie, P.D., Yung, M.: Optimal resilience proactive public-key cryptosystems. In: 38th FOCS. pp. 384–393. IEEE Computer Society Press (October 1997). https://doi.org/10.1109/SFCS.1997.646127

  28. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. J. Cryptol. 20(1), 51–83 (2006). https://doi.org/10.1007/s00145-006-0347-3

  29. Gentry, C., et al.: YOSO: You only speak once - secure MPC with stateless ephemeral roles. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part II. LNCS, vol. 12826, pp. 64–93. Springer, Heidelberg, Virtual Event (August 2021). https://doi.org/10.1007/978-3-030-84245-1_3

  30. Gordon, S.D., Le, P.H., McVicker, D.: Linear communication in malicious majority MPC. Cryptology ePrint Archive, Report 2022/781 (2022). https://eprint.iacr.org/2022/781

  31. Keller, M., Pastro, V., Rotaru, D.: Overdrive: making SPDZ great again. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part III. LNCS, vol. 10822, pp. 158–189. Springer, Heidelberg (April/May 2018). https://doi.org/10.1007/978-3-319-78372-7_6

  32. Kolby, S., Ravi, D., Yakoubov, S.: Towards efficient YOSO MPC without setup. Cryptology ePrint Archive, Report 2022/187 (2022). https://eprint.iacr.org/2022/187

  33. Okamoto, T., Pointcheval, D.: The gap-problems: A new class of problems for the security of cryptographic schemes. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 104–118. Springer, Heidelberg (February 2001). https://doi.org/10.1007/3-540-44586-2_8

  34. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT’99. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (May 1999). https://doi.org/10.1007/3-540-48910-X_16

  35. Pietrzak, K.: Simple verifiable delay functions. In: Blum, A. (ed.) ITCS 2019. vol. 124, pp. 60:1–60:15. LIPIcs (Jan 2019). https://doi.org/10.4230/LIPIcs.ITCS.2019.60

  36. Rabin, T.: A simplified approach to threshold and proactive RSA. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 89–104. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055722

  37. Shamir, A.: How to share a secret. Commun. Assoc. Comput. Mach. 22(11), 612–613 (1979)

  38. Tucker, I.: Chiffrement fonctionnel et signatures distribuées fondés sur des fonctions de hachage à projection, l’apport des groupes de classes. Ph.D. thesis, École normale supérieure de Lyon (2020)

  39. Wesolowski, B.: Efficient verifiable delay functions. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part III. LNCS, vol. 11478, pp. 379–407. Springer, Heidelberg (May 2019). https://doi.org/10.1007/978-3-030-17659-4_13

Acknowledgements

This research was supported by the Concordium Blockchain Research Center, Aarhus University, Denmark, the Carlsberg Foundation under the Semper Ardens Research Project CF18-112 (BCM), and the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme under grant agreement No 803096 (SPEC). We thank Guilhem Castagnos, Fabien Laguillaumie, and Ida Tucker for clarifications regarding the CL framework.

Author information

Correspondence to Lennart Braun.

Copyright information

© 2023 International Association for Cryptologic Research

Cite this paper

Braun, L., Damgård, I., Orlandi, C. (2023). Secure Multiparty Computation from Threshold Encryption Based on Class Groups. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14081. Springer, Cham. https://doi.org/10.1007/978-3-031-38557-5_20

  • DOI: https://doi.org/10.1007/978-3-031-38557-5_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-38556-8

  • Online ISBN: 978-3-031-38557-5

  • eBook Packages: Computer Science (R0)
