Threshold Symmetric Encryption

Shashank Agrawal


Threshold cryptography provides a mechanism for protecting secret keys by sharing them among multiple parties, who then jointly perform cryptographic operations. An attacker who corrupts up to a threshold number of parties, however, cannot recover the secrets or violate security. Prior works in this space have focused on definitions and constructions for public-key cryptography and digital signatures, and fails to capture the security concerns and efficiency challenges of symmetric-key based applications.

We put forth the first formal treatment for threshold symmetric-key encryption, proposing new notions of correctness, privacy and authenticity, in presence of passive and active attackers. Our primary goal is to propose strong and intuitive game-based definitions that are easy to understand and yield efficient constructions.

We design and implement several efficient constructions meeting our definitions. Our most efficient instantiation only uses symmetric-key primitives and achieves a throughput of up to 1 million encryptions/decryptions per seconds, or alternatively a sub-millisecond latency with up to 18 participating parties.

Joint work with Payman Mohassel, Pratyay Mukherjee, and Peter Rindal.

Time and Place

Tuesday, December 5, 4:15pm
Gates 463