Threshold cryptography provides a mechanism for protecting secret
keys by sharing them among multiple parties, who then jointly perform
cryptographic operations. An attacker who corrupts up to a threshold
number of parties, however, cannot recover the secrets or violate
security. Prior works in this space have focused on definitions and
constructions for public-key cryptography and digital signatures,
and fails to capture the security concerns and efficiency challenges
of symmetric-key based applications.
We put forth the first formal treatment for threshold symmetric-key
encryption, proposing new notions of correctness, privacy and
authenticity, in presence of passive and active attackers. Our primary
goal is to propose strong and intuitive game-based definitions that
are easy to understand and yield efficient constructions.
We design and implement several efficient constructions meeting
our definitions. Our most efficient instantiation only uses
symmetric-key primitives and achieves a throughput of up to 1 million
encryptions/decryptions per seconds, or alternatively a sub-millisecond
latency with up to 18 participating parties.
Joint work with Payman Mohassel, Peter Rindal, and Pratyay Mukherjee