Threshold Cryptography with Silent Setup
Mingyuan Wang
Abstract:
Threshold signature/encryption enables a standard signature/encryption functionality with a distributed signing/decrypting process. It has found many real-world applications, especially in the decentralized setting. Despite decades of research, the default framework of realizing threshold cryptography still relies on linear secret-sharing-based approaches, where the secret key is shared among all parties. This approach typically requires an expensive interactive setup, namely a distributed key generation (DKG) protocol, which presents a significant efficiency bottleneck in practice. Furthermore, it does not support many highly sought-after features such as weights, universe changes, threshold changes, multiverse, etc.
In this talk, I will present some of our recent works, which propose a new silent setup framework for realizing threshold cryptography. In this framework, parties locally sample their key pairs, and afterward, a succinct joint public key can be deterministically derived from all parties' public keys. This completely eliminates the need for interaction during setup. Moreover, it naturally supports desirable features such as universe/threshold changes and weights. Building upon ideas from SNARK literature, we realize this proposed primitive from pairing. Both of our schemes (signature and encryption) are concretely efficient, where the efficiency is comparable to standard threshold signature and encryption. Notably, prior to our work, for the silent threshold encryption primitive, there was no theoretical feasibility result (without relying on general-purpose witness encryption).
This work is mostly based on two works: https://eprint.iacr.org/2023/567.pdf and a follow-up work --- harpocraTEs: Threshold Encryption with Silent Setup (joint with Sanjam Garg, Dimitris Kolonelos, and Guru-Vamsi Policharla), which we will eprint soon.
Bio:
Mingyuan Wang is currently a postdoctoral researcher at UC Berkeley, working with Sanjam Garg. He obtained his Ph.D. at Purdue University. He has a broad research interests in cryptography. His most recent works center around threshold cryptography and information-theoretic cryptography.