[Resource Topic] 2013/419: How to Share a Lattice Trapdoor: Threshold Protocols for Signatures and (H)IBE

Welcome to the resource topic for 2013/419

Title:
How to Share a Lattice Trapdoor: Threshold Protocols for Signatures and (H)IBE

Authors: Rikke Bendlin, Sara Krehbiel, Chris Peikert

Abstract:

We develop secure \emph{threshold} protocols for two important operations in lattice cryptography, namely, generating a hard lattice \Lambda together with a ``strong’’ trapdoor, and sampling from a discrete Gaussian distribution over a desired coset of \Lambda using the trapdoor. These are the central operations of many cryptographic schemes: for example, they are exactly the key-generation and signing operations (respectively) for the GPV signature scheme, and they are the public parameter generation and private key extraction operations (respectively) for the GPV IBE. We also provide a protocol for trapdoor delegation, which is used in lattice-based hierarchical IBE schemes. Our work therefore directly transfers all these systems to the threshold setting. Our protocols provide information-theoretic (i.e., statistical) security against adaptive corruptions in the UC framework, and they are private and robust against an optimal number of semi-honest or malicious parties. Our Gaussian sampling protocol is both noninteractive and efficient, assuming either a trusted setup phase (e.g., performed as part of key generation) or a sufficient amount of interactive but offline precomputation, which can be performed before the inputs to the sampling phase are known.

ePrint: https://eprint.iacr.org/2013/419

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .