Paper 2022/1143

Threshold Linearly Homomorphic Encryption on $\mathbf{Z}/2^k\mathbf{Z}$

Guilhem Castagnos, Institut de Mathématiques de Bordeaux
Fabien Laguillaumie, Montpellier Laboratory of Informatics, Robotics and Microelectronics
Ida Tucker, IMDEA Software, Zondax AG
Abstract

A threshold public key encryption protocol is a public key system where the private key is distributed among $n$ different servers. It offers high security since no single server is entrusted to perform the decryption in its entirety. It is the core component of many multiparty computation protocols that involve mutually distrusting parties with common goals. It is even more useful when it is homomorphic, which means that public operations on ciphertexts translate to operations on the underlying plaintexts. In particular, Cramer, Damgård and Nielsen at Eurocrypt 2001 provided a new approach to multiparty computation from linearly homomorphic threshold encryption schemes. On the other hand, there has been recent interest in developing multiparty computations modulo $2^k$ for a certain integer $k$, which closely match the data manipulated by a CPU. Multiparty computation would therefore benefit from an encryption scheme with such a message space that would support a distributed decryption. In this work, we provide the first threshold linearly homomorphic encryption scheme whose message space is $\mathbf{Z}/2^k\mathbf{Z}$ for any $k$. It is inspired by Castagnos and Laguillaumie's encryption scheme from RSA 2015, but works with a class group of a discriminant whose factorisation is unknown. Its natural structure à la Elgamal makes it possible to distribute the decryption among servers using linear integer secret sharing, allowing any access structure for the decryption policy. Furthermore, its efficiency and its flexibility in the choice of the message space make it a good candidate for applications to multiparty computation.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published by the IACR in ASIACRYPT 2022
Keywords
Class groups of quadratic fields
Linearly homomorphic encryption
Threshold cryptography
Contact author(s)
guilhem castagnos @ math u-bordeaux fr
History
2022-09-05: approved
2022-09-02: received
Short URL
https://ia.cr/2022/1143
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1143,
      author = {Guilhem Castagnos and Fabien Laguillaumie and Ida Tucker},
      title = {Threshold Linearly Homomorphic Encryption on $\mathbf{Z}/2^k\mathbf{Z}$},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1143},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1143}
}