[Resource Topic] 2021/1290: Large-Scale Non-Interactive Threshold Cryptosystems in the YOSO Model

Welcome to the resource topic for 2021/1290

Title:
Large-Scale Non-Interactive Threshold Cryptosystems in the YOSO Model

Authors: Andreas Erwig, Sebastian Faust, and Siavash Riahi

Abstract:

A (t,n)-public key threshold cryptosystem allows distributing the execution of a cryptographic task among a set of n parties by splitting the secret key required for the computation into n shares. A subset of at least t+1 honest parties is required to execute the task of the cryptosystem correctly, while security is guaranteed as long as at most t < n/2 parties are corrupted. Unfortunately, traditional threshold cryptosystems do not scale well when executed at large scale (e.g., in the Internet environment). In such settings, a possible approach is to select a subset of n players (called a committee) out of the entire universe of N ≫ n parties to run the protocol. If done naively, however, this means that the adversary’s corruption power does not scale with N, as otherwise the adversary would be able to corrupt the entire committee. A beautiful solution for this problem is given by Benhamouda et al. (TCC 2020), who present a novel form of secret sharing, where the efficiency of the protocol is independent of N, but the adversarial corruption power scales with N (a.k.a. fully mobile adversary). They achieve this through a novel mechanism that guarantees parties in a committee to stay anonymous – also referred to as the YOSO (You Only Speak Once) model – until they start to interact within the protocol. In this work, we initiate the study of large-scale threshold cryptography in the YOSO model of communication. We formalize and present novel protocols for distributed key generation, threshold encryption, and signature schemes that guarantee security in large-scale environments. A key challenge in our analysis is that we cannot use the secret sharing protocol of Benhamouda et al. as a black-box to construct our schemes, and instead we require a more generalized version, which may be of independent interest. Finally, we show how our protocols can be concretely instantiated in the YOSO model, and discuss interesting applications of our schemes.

ePrint: https://eprint.iacr.org/2021/1290

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.