Abstract
Threshold cryptography is typically based on the idea of secret-sharing a private-key s∈ F “in the exponent” of some cryptographic group G, or more generally, encoding s in some linearly homomorphic domain. In each invocation of the threshold system (e.g., for signing or decrypting) an “encoding” of the secret is being recovered and so the complexity, measured as the number of group multiplications over G, is equal to the number of F-additions that are needed to reconstruct the secret. Motivated by this scenario, we initiate the study of n-party secret-sharing schemes whose reconstruction algorithm makes a minimal number of additions. The complexity of existing schemes either scales linearly with nlog | F| (e.g., Shamir, CACM’79) or, at least, quadratically with n independently of the size of the domain F (e.g., Cramer-Xing, EUROCRYPT ’20). This leaves open the existence of a secret sharing whose recovery algorithm can be computed by performing only O(n) additions. We resolve the question in the affirmative and present such a near-threshold secret sharing scheme that provides privacy against unauthorized sets of density at most τp, and correctness for authorized sets of density at least τc, for any given arbitrarily close constants τp< τc. Reconstruction can be computed by making at most O(n) additions and, in addition, (1) the share size is constant, (2) the sharing procedure also makes only O(n) additions, and (3) the scheme is a blackbox secret-sharing scheme, i.e., the sharing and reconstruction algorithms work universally for all finite abelian groups F. Prior to our work, no such scheme was known even without features (1)–(3) and even for the ramp setting where τp and τc are far apart. As a by-product, we derive the first blackbox near-threshold secret-sharing scheme with linear-time sharing. We also present several concrete instantiations of our approach that seem practically efficient (e.g., for threshold discrete-log-based signatures). Our constructions are combinatorial in nature. We combine graph-based erasure codes that support “peeling-based” decoding with a new randomness extraction method that is based on inner-product with a small-integer vector. We also introduce a general concatenation-like transform for secret-sharing schemes that allows us to arbitrarily shrink the privacy-correctness gap with a minor overhead. Our techniques enrich the secret-sharing toolbox and, in the context of blackbox secret sharing, provide a new alternative to existing number-theoretic approaches.
Original language | English |
---|---|
Title of host publication | Advances in Cryptology – CRYPTO 2023 - 43rd Annual International Cryptology Conference, CRYPTO 2023, Proceedings |
Editors | Helena Handschuh, Anna Lysyanskaya |
Publisher | Springer Science and Business Media Deutschland GmbH |
Pages | 236-262 |
Number of pages | 27 |
ISBN (Print) | 9783031385568 |
DOIs | |
State | Published - 2023 |
Event | Advances in Cryptology – CRYPTO 2023 - 43rd Annual International Cryptology Conference, CRYPTO 2023, Proceedings - Santa Barbara, United States Duration: 20 Aug 2023 → 24 Aug 2023 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 14081 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | Advances in Cryptology – CRYPTO 2023 - 43rd Annual International Cryptology Conference, CRYPTO 2023, Proceedings |
---|---|
Country/Territory | United States |
City | Santa Barbara |
Period | 20/08/23 → 24/08/23 |
Bibliographical note
Publisher Copyright:© 2023, International Association for Cryptologic Research.
Funding
Acknowledgements. Research supported in part by an Alon Young Faculty Fellowship, by a grant from the Israel Science Foundation (ISF Grant No. 1774/20), and by a grant from the US-Israel Binational Science Foundation and the US National Science Foundation (BSF-NSF Grant No. 2020643). Acknowledgments. Anasuya Acharya and Carmit Hazay are supported by ISF grant No. 1316/18. Carmit Hazay is also supported by the Algorand Centres of Excellence programme managed by Algorand Foundation. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of Algorand Foundation. The fourth author was supported by a JPMorgan Chase Faculty Research Award, Technology, and Humanity Fund from the McCourt School of Public Policy at Georgetown University, and a Google Research Award. 2055694. Vassilis Zikas’s research is supported in part by NSF grant no. 2055599 and by Sunday Group. The authors are also supported by the Algorand Centres of Excellence programme managed by Algorand Foundation. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of Algorand Foundation. Grant. This material is based upon work supported by the Defense Advanced Research Projects Agency through Award HR00112020024. A. Srinivasan was supported in part by a SERB startup grant and Google India Research Award. Acknowledgment. Y. Ishai was supported in part by ERC Project NTSC (742754), BSF grant 2018393, ISF grant 2774/20, and a Google Faculty Research Award. D. Khu-rana was supported in part by NSF CAREER CNS-2238718 and DARPA SIEVE. A. Sahai was supported in part from a Simons Investigator Award, DARPA SIEVE award, NTT Research, NSF Frontier Award 1413955, BSF grant 2012378, a Xerox Faculty Research Award, a Google Faculty Research Award, and an Okawa Foundation Research tial privacy in the shuffle model and the anonymous reviewers for their comments. Y. Ishai and E. Kushilevitz were supported by ISF grant 2774/20 and BSF grant 2018393. Y. Ishai was additionally supported by ERC Project NTSC (742754). Acknowledgments. Ran Cohen’s research is supported in part by NSF grant no. 2055568. Juan Garay’s research is supported in part by NSF grants no. 2001082 and G. Garimella, M. Rosulek and J. Singh—Authors partially supported by NSF award S2356A. Acknowledgements. D. Boneh is supported by NSF, the DARPA SIEVE program, the Simons Foundation, UBRI, and NTT Research. E. Boyle is supported by AFOSR Award FA9550-21-1-0046, ERC Project HSS (852952), and a Google Research Award. H. Corrigan-Gibbs is supported by Capital One, Facebook, Google, Mozilla, Seagate, MIT’s FinTech@CSAIL Initiative, and NSF Award CNS-2054869. N. Gilboa is supported by ISF grant 2951/20, ERC grant 876110, and a grant by the BGU Cyber Center. Y. Ishai is supported by ERC Project NTSC (742754), BSF grant 2018393, and ISF grant 2774/20. Opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of DARPA. Acknowledgments. The research described in this paper received funding from: the Concordium Blockhain Research Center, Aarhus University, Denmark; the Carlsberg Foundation under the Semper Ardens Research Project CF18-112 (BCM); the European Research Council (ERC) under the European Unions’s Horizon 2020 research and innovation programme under grant agreement No 803096 (SPEC); the Danish Independent Research Council under Grant-ID DFF-0165-00107B (C3PO). ritos and quesadillas. He also thanks the Aarhus Crypto Group and the people at NTT Research for being amazing humans (independently of their success in research). The work of Damiano Abram was carried out during an internship funded by NTT Research. Acknowledgements. We would like to thank Alin Tomescu, Kobi Gurkan, Julian Loss, and Renas Bacho for many insightful discussions. Gilad Stern was supported by the HUJI Federmann Cyber Security Research Center in conjunction with the Israel National Cyber Directorate (INCD) in the Prime Minister’s Office. Acknowledgements. Pedro Branco was partially funded by the German Federal Ministry of Education and Research (BMBF) in the course of the 6GEM research hub under grant number 16KISK038. Nico Döttling: Funded by the European Union (ERC, LACONIC, 101041207). Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Research Council. Neither the European Union nor the granting authority can be held responsible for them. Akshayaram Srinivasan was supported in part by a SERB startup grant and Google India Research Award. Acknowledgements. This work is funded in part by National Science Foundation award 2143058.
Funders | Funder number |
---|---|
Algorand Foundation | |
BSF-NSF | 2020643 |
European Unions’s Horizon 2020 research and innovation programme | 803096 |
Google India Research Award | |
JPMorgan | |
McCourt School of Public Policy | |
NTSC | 742754 |
Sunday Group | |
UBRI | |
US-Israel BSF | 2015782 |
National Science Foundation | 2001082, CNS-2001096, CNS-2154174, 2055599, CCF-2220450, CNS-2238718, S2356A, CNS-2026774, 2055568, 2143058, CNS-2246355 |
Air Force Office of Scientific Research | FA9550-21-1-0046 |
Defense Advanced Research Projects Agency | HR0011-20-2-0025, HR00112020024 |
Simons Foundation | |
Microsoft | |
Cisco Systems | |
CNS-2054869 | |
Aarhus Universitet | |
Georgetown University | |
NTT Research | 1413955, 2012378 |
European Commission | 852952 |
United States-Israel Binational Science Foundation | 2018393 |
Science and Engineering Research Board | |
Bundesministerium für Bildung und Forschung | 16KISK038 |
Carlsbergfondet | CF18-112 |
Israel Science Foundation | 1774/20, 876110, 2951/20, 2774/20, 1316/18 |
Okawa Foundation for Information and Telecommunications | |
Danmarks Frie Forskningsfond | DFF-0165-00107B |
Ben-Gurion University of the Negev |
Keywords
- Blackbox secret sharing
- Secret Sharing
- Threshold Cryptography