<p>Threshold public-key encryption securely distributes private key shares among multiple participants, requiring a minimum number of them to decrypt messages. We introduce a quantum-resistant threshold public-key encryption scheme based on the code-based Niederreiter cryptosystem that achieves security against chosen ciphertext attacks. A previous attempt was made recently by Takahashi, Hashimoto, and Ogata but we show that it contains a critical security flaw that allow adversaries to exploit malformed ciphertexts to gain information about the secret key. We formalize a generic conversion enhancing security of (classical) public-key encryption from one-wayness against passive attacks to indistinguishability against chosen-ciphertext attacks. The conversion uses a non-interactive zero-knowledge argument with strong security properties to ensure ciphertext well-formedness. We then provide an instantiation for Niederreiter ciphertexts based on recent techniques introduced in the “MPC-in-the-head” paradigm. The publicly verifiable validity of ciphertexts makes this scheme suitable for threshold public-key encryption and prevents an attack similar to the one on Takahashi–Hashimoto–Ogata scheme. Finally, we introduce a field-switching technique that allows to improve the multi-party computation protocol for decryption, reducing the shared secret key size and computational overhead.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Threshold Niederreiter: chosen-ciphertext security and improved distributed decoding

  • Pascal Giorgi,
  • Fabien Laguillaumie,
  • Lucas Ottow,
  • Damien Vergnaud

摘要

Threshold public-key encryption securely distributes private key shares among multiple participants, requiring a minimum number of them to decrypt messages. We introduce a quantum-resistant threshold public-key encryption scheme based on the code-based Niederreiter cryptosystem that achieves security against chosen ciphertext attacks. A previous attempt was made recently by Takahashi, Hashimoto, and Ogata but we show that it contains a critical security flaw that allow adversaries to exploit malformed ciphertexts to gain information about the secret key. We formalize a generic conversion enhancing security of (classical) public-key encryption from one-wayness against passive attacks to indistinguishability against chosen-ciphertext attacks. The conversion uses a non-interactive zero-knowledge argument with strong security properties to ensure ciphertext well-formedness. We then provide an instantiation for Niederreiter ciphertexts based on recent techniques introduced in the “MPC-in-the-head” paradigm. The publicly verifiable validity of ciphertexts makes this scheme suitable for threshold public-key encryption and prevents an attack similar to the one on Takahashi–Hashimoto–Ogata scheme. Finally, we introduce a field-switching technique that allows to improve the multi-party computation protocol for decryption, reducing the shared secret key size and computational overhead.