Threshold Symmetric Encryption

Shashank Agrawal


Threshold cryptography provides a mechanism for protecting secret keys by sharing them among multiple parties, who then jointly perform cryptographic operations. An attacker who corrupts up to a threshold number of parties, however, cannot recover the secrets or violate security. Prior work in this space has focused on definitions and constructions for public-key cryptography and digital signatures, and fails to capture the security concerns and efficiency challenges of symmetric-key based applications.

In this talk, I will present the first formal treatment for threshold symmetric-key encryption. I will discuss new notions of correctness, privacy and authenticity in the presence of passive and active attackers. These notions are defined in such a way that they are strong, intuitive, and yield efficient constructions. I will describe the subtleties that arise in meeting such requirements.

In the second part of the talk, I will describe several efficient constructions that meet our definitions, and how we implement and test them. Our most efficient instantiation only uses symmetric-key primitives and achieves a throughput of up to 1 million encryptions/decryptions per second, or alternatively a sub-millisecond latency with up to 18 participating parties.

Joint work with Payman Mohassel, Pratyay Mukherjee, and Peter Rindal.

Time and Place

Tuesday, December 5, 4:15pm
Gates 463