Threshold Symmetric Encryption
Shashank Agrawal
Abstract:
Threshold cryptography provides a mechanism for protecting secret keys by sharing them among multiple parties, who then jointly perform cryptographic operations. An attacker who corrupts up to a threshold number of parties, however, cannot recover the secrets or violate security. Prior work in this space has focused on definitions and constructions for public-key cryptography and digital signatures, and fails to capture the security concerns and efficiency challenges of symmetric-key based applications.
In this talk, I will present the first formal treatment for threshold symmetric-key encryption. I will discuss new notions of correctness, privacy and authenticity in the presence of passive and active attackers. These notions are defined in such a way that they are strong, intuitive, and yield efficient constructions. I will describe the subtleties that arise in meeting such requirements.
In the second part of the talk, I will describe several efficient constructions that meet our definitions, and how we implement and test them. Our most efficient instantiation only uses symmetric-key primitives and achieves a throughput of up to 1 million encryptions/decryptions per second, or alternatively a sub-millisecond latency with up to 18 participating parties.
Joint work with Payman Mohassel, Pratyay Mukherjee, and Peter Rindal.