Adaptive Security for Threshold Cryptosystems
نویسندگان
چکیده
We present adaptively-secure efficient solutions to several central problems in the area of threshold cryptography. We prove these solutions to withstand adaptive attackers that choose parties for corruption at any time during the run of the protocol. In contrast, all previously known efficient protocols for these problems were proven secure only against less realistic static adversaries that choose and fix the subset of corrupted parties before the start of the protocol run. Specifically, we provide adaptively-secure solutions for distributed key generation in discrete-log based cryptosystems, and for the problem of distributed generation of DSS signatures (threshold DSS). We also show how to transform existent static solutions for threshold RSA and proactive schemes to withstand the stronger adaptive attackers. In doing so, we introduce several techniques for the design and analysis of adaptively-secure protocols that may well find further applications.
منابع مشابه
On the design and security of a lattice-based threshold secret sharing scheme
In this paper, we introduce a method of threshold secret sharing scheme (TSSS) in which secret reconstruction is based on Babai's nearest plane algorithm. In order to supply secure public channels for transmitting shares to parties, we need to ensure that there are no quantum threats to these channels. A solution to this problem can be utilization of lattice-based cryptosystems for these channe...
متن کاملAdaptively Secure Threshold Cryptography: Introducing Concurrency, Removing Erasures
We put forward two new measures of security for threshold schemes secure in the adaptive adversary model: security under concurrent composition; and security without the assumption of reliable erasure. Using novel constructions and analytical tools, in both these settings, we exhibit efficient secure threshold protocols for a variety of cryptographic applications. In particular, based on the re...
متن کاملNon-interactive CCA-Secure Threshold Cryptosystems with Adaptive Security: New Framework and Constructions
In threshold cryptography, private keys are divided into n shares, each one of which is given to a different server in order to avoid single points of failure. In the case of threshold public-key encryption, at least t ≤ n servers need to contribute to the decryption process. A threshold primitive is said robust if no coalition of t malicious servers can prevent remaining honest servers from su...
متن کاملAdaptive Security in the Threshold Setting: From Cryptosystems to Signature Schemes
Threshold cryptosystems and signature schemes give ways to distribute trust throughout a group and increase the availability of cryptographic systems. A standard approach in designing these protocols is to base them upon existing single-server systems having the desired properties. Two recent (single-server) signature schemes, one due to Gennaro et al., the other to Cramer and Shoup, have been ...
متن کاملQTRU: quaternionic version of the NTRU public-key cryptosystems
In this paper we will construct a lattice-based public-key cryptosystem using non-commutative quaternion algebra, and since its lattice does not fully fit within Circular and Convolutional Modular Lattice (CCML), we prove it is arguably more secure than the existing lattice-based cryptosystems such as NTRU. As in NTRU, the proposed public-key cryptosystem relies for its inherent securi...
متن کاملAdaptively Secure Threshold Cryptography without the Assumption of Erasure
We exhibit eecient threshold cryptosystems which are secure against adaptive adversaries even when the players cannot erase their local data. Speciically, we present erasure-free adaptively-secure protocols for distributed decryption in Cramer-Shoup cryptosystem. Our techniques are also applicable for distributing the secret-key operation of other cryptosystems, like RSA, DSS, and ElGamal, as w...
متن کامل