Abstract
Publicly Verifiable Secret Sharing (PVSS) allows a dealer to publish encrypted shares of a secret so that parties holding the corresponding decryption keys may later reconstruct it. Both dealing and reconstruction are non-interactive and any verifier can check their validity. PVSS finds applications in randomness beacons, distributed key generation (DKG) and in YOSO MPC (Gentry et al. CRYPTO’21), when endowed with suitable publicly verifiable re-sharing as in YOLO YOSO (Cascudo et al. ASIACRYPT’22).
We introduce a PVSS scheme over class groups that achieves similar efficiency to state-of-the-art schemes that only allow for reconstructing a function of the secret, while our scheme allows the reconstruction of the original secret. Our construction generalizes the DDH-based scheme of YOLO YOSO to operate over class groups, which poses technical challenges in adapting the necessary NIZKs in the face of the unknown group order and the fact that efficient NIZKs of knowledge are not as simple to construct in this setting.
Building on our PVSS scheme’s ability to recover the original secret, we propose two DKG protocols for discrete logarithm key pairs: a biasable 1-round protocol, which improves on the concrete communication/computational complexities of previous works; and a 2-round unbiasable protocol, which improves on the round complexity of previous works. We also add publicly verifiable resharing towards anonymous committees to our PVSS, so that it can be used to efficiently transfer state among committees in the YOSO setting. Together with a recent construction of MPC in the YOSO model based on class groups (Braun et al. CRYPTO’23), this results in the most efficient full realization (i.e. without assuming receiver anonymous channels) of YOSO MPC based on the CDN framework with transparent setup.
Ignacio Cascudo was partially supported by the Spanish Government under the project SecuRing (ref. PID2019-110873RJ-I00) and the PRODIGY Project (TED2021-132464B-I00), both funded by MCIN/AEI/10.13039/501100011033/. PRODIGY is also funded by the European Union NextGenerationEU/PRTR. He was also partially supported by the European Union under GA 101096435 (CONFIDENTIAL-6G). Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Commission. Neither the European Union nor the European Commission can be held responsible for them.
Bernardo David was supported by the Independent Research Fund Denmark (IRFD) grant number 0165-00079B.
Notes
- 1. Up to a constant due to the time for group operations and size for group elements in class groups being higher than those for DDH-hard groups based on elliptic curves.
- 2. In coding-theoretic terms, this set is the dual code of the Reed-Solomon code formed by the evaluations of polynomials of degree \(\le d\).
- 3. As well as for using the ZK proof protocol from [6], which we show in the next section.
- 4. The proofs were in fact introduced for slightly more involved relations, but for simplicity we adapt them to just proving knowledge of a discrete logarithm.
- 5. Notation: To avoid confusion with the group \(G^q\) of q-th powers of elements from G, we denote the direct product of m copies of G, for \(m\in \mathbb {N}\), as \((G)^m\).
- 6. Recall that, by definition of \(\textrm{Lag}_{}\), \(L_i(X)=\prod _{j\in \mathcal {T}'\setminus \{i\}}\frac{X-\alpha _j}{\alpha _i-\alpha _j}\).
- 7. In practice we consider \(\kappa =40\) to be reasonable.
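The following Python script is an added illustration, not code from the paper, of the two ingredients that notes 2 and 6 refer to. It works in the clear over a prime field rather than under class-group encryption, so it shows only the share-consistency check and the reconstruction, not the publicly verifiable dealing itself: a verifier tests the share vector against a random word of the dual Reed-Solomon code (the check of note 2, in the style of SCRAPE, Cascudo and David, ACNS 2017), and a reconstructing set combines shares with the Lagrange coefficients \(L_i(0)\) of note 6. The prime `P`, the evaluation points \(\alpha_i = i\), and all function names are constructed for the example.

```python
import secrets

# Constructed parameter for this example: arithmetic is over the prime field Z_P,
# standing in for the group setting of the paper (no encryption, no class groups).
P = (1 << 127) - 1


def _poly_eval(coeffs, x, p):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... + coeffs[k]*x^k mod p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def _inv(a, p):
    """Modular inverse in Z_p (p prime) via Fermat's little theorem."""
    return pow(a % p, p - 2, p)


def share(secret, n, d, p=P):
    """Shamir-share `secret` among n parties with threshold d.

    A random polynomial f of degree at most d with f(0) = secret is sampled;
    party i receives the share (alpha_i, f(alpha_i)). The evaluation points
    alpha_i = i are a constructed choice for the example.
    """
    if not 0 <= d < n:
        raise ValueError("need 0 <= d < n")
    coeffs = [secret % p] + [secrets.randbelow(p) for _ in range(d)]
    return [(i, _poly_eval(coeffs, i, p)) for i in range(1, n + 1)]


def dual_code_check(shares, d, p=P):
    """Share-consistency test in the style of SCRAPE (note 2).

    The vectors (f(alpha_1), ..., f(alpha_n)) with deg f <= d form a
    Reed-Solomon code; its dual consists of the vectors (v_i * g(alpha_i))_i
    with deg g <= n-d-2 and v_i = prod_{j != i} (alpha_i - alpha_j)^{-1}.
    A share vector is a codeword iff it is orthogonal to every dual word, so
    the verifier picks a random g and tests one inner product: an inconsistent
    share vector passes with probability only 1/p. When n = d+1 the dual code
    is {0}, every vector is consistent and the test is (correctly) vacuous.
    """
    n = len(shares)
    if not 0 <= d < n:
        raise ValueError("need 0 <= d < n")
    alphas = [a for a, _ in shares]
    g = [secrets.randbelow(p) for _ in range(n - d - 1)]  # deg g <= n-d-2
    total = 0
    for i, (a_i, s_i) in enumerate(shares):
        v_i = 1
        for j, a_j in enumerate(alphas):
            if j != i:
                v_i = v_i * _inv(a_i - a_j, p) % p
        total = (total + v_i * _poly_eval(g, a_i, p) % p * s_i) % p
    return total == 0


def lagrange_coefficient(alphas, i, x, p=P):
    """L_i(x) = prod_{j != i} (x - alpha_j) / (alpha_i - alpha_j), as in note 6,
    for the evaluation points `alphas` of the reconstructing set."""
    num, den = 1, 1
    for j, a_j in enumerate(alphas):
        if j != i:
            num = num * ((x - a_j) % p) % p
            den = den * ((alphas[i] - a_j) % p) % p
    return num * _inv(den, p) % p


def reconstruct(subset, p=P):
    """Recover f(0) from any d+1 (or more) consistent shares (alpha_i, s_i)."""
    alphas = [a for a, _ in subset]
    return sum(s_i * lagrange_coefficient(alphas, i, 0, p)
               for i, (_, s_i) in enumerate(subset)) % p


def demo(secret=123456789, n=7, d=3):
    """Deal, verify, corrupt one share, verify again, and reconstruct."""
    shares = share(secret, n, d)
    ok_honest = dual_code_check(shares, d)
    tampered = list(shares)
    a0, s0 = tampered[0]
    tampered[0] = (a0, (s0 + 1) % P)            # one corrupted share
    ok_tampered = dual_code_check(tampered, d)  # False except w.p. 1/P
    recovered = reconstruct(shares[1:d + 2])    # any d+1 shares suffice
    return ok_honest, ok_tampered, recovered


if __name__ == "__main__":
    print(demo())
```

In the paper's setting the same dual-code test is applied not to plaintext shares but to their encryptions and commitments, exploiting the homomorphic structure of the scheme so that any verifier can run it without decryption keys; the field version above is the arithmetic behind that check. Note that the verifier's random `g` must be unpredictable to the dealer (in a non-interactive scheme it is derived by hashing the published transcript), otherwise a malicious dealer could craft an inconsistent share vector that passes the single test.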
References
Acharya, A., Hazay, C., Kolesnikov, V., Prabhakaran, M.: SCALES - MPC with small clients and larger ephemeral servers. In: Kiltz, E., Vaikuntanathan, V. (eds.) TCC 2022. LNCS, vol. 13748, pp. 502–531. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-22365-5_18
Bayer, S., Groth, J.: Efficient zero-knowledge argument for correctness of a shuffle. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 263–280. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_17
Benhamouda, F., et al.: Can a public blockchain keep a secret? In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12550, pp. 260–290. Springer, Heidelberg (2020). https://doi.org/10.1007/978-3-030-64375-1_10
Boudot, F., Traoré, J.: Efficient publicly verifiable secret sharing schemes with fast or delayed recovery. In: Varadharajan, V., Yi, M. (eds.) ICICS 1999. LNCS, vol. 1726, pp. 87–102. Springer, Heidelberg (1999). https://doi.org/10.1007/978-3-540-47942-0_8
Bouvier, C., Castagnos, G., Imbert, L., Laguillaumie, F.: I want to ride my BICYCL: BICYCL implements cryptography in class groups. J. Cryptol. 36(3), 17 (2023)
Braun, L., Damgård, I., Orlandi, C.: Secure multiparty computation from threshold encryption based on class groups. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO 2023, Part I. LNCS, vol. 14081, pp. 613–645. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-38557-5_20
Campanelli, M., David, B., Khoshakhlagh, H., Konring, A., Nielsen, J.B.: Encryption to the future - a paradigm for sending secret messages to future (anonymous) committees. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022. LNCS, vol. 13793, pp. 151–180. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-22969-5_6
Cascudo, I., David, B.: SCRAPE: scalable randomness attested by public entities. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 17. LNCS, vol. 10355, pp. 537–556. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-61204-1_27
Cascudo, I., David, B.: ALBATROSS: publicly attestable batched randomness based on secret sharing. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12493, pp. 311–341. Springer, Heidelberg (2020). https://doi.org/10.1007/978-3-030-64840-4_11
Cascudo, I., David, B.: Publicly verifiable secret sharing over class groups and applications to DKG and YOSO. Cryptology ePrint Archive, Paper 2023/1651 (2023). https://eprint.iacr.org/2023/1651
Cascudo, I., David, B., Garms, L., Konring, A.: YOLO YOSO: fast and simple encryption and secret sharing in the YOSO model. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022. LNCS, vol. 13791, pp. 651–680. Springer, Heidelberg (2022)
Cascudo, I., David, B., Shlomovits, O., Varlakov, D.: Mt. Random: multi-tiered randomness beacons. In: Tibouchi, M., Wang, X. (eds.) ACNS 2023, Part II. LNCS, vol. 13906, pp. 645–674. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-33491-7_24
Castagnos, G., Catalano, D., Laguillaumie, F., Savasta, F., Tucker, I.: Two-party ECDSA from hash proof systems and efficient instantiations. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 191–221. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-030-26954-8_7
Castagnos, G., Catalano, D., Laguillaumie, F., Savasta, F., Tucker, I.: Bandwidth-efficient threshold EC-DSA. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. LNCS, vol. 12111, pp. 266–296. Springer, Heidelberg (2020). https://doi.org/10.1007/978-3-030-45388-6_10
Castagnos, G., Imbert, L., Laguillaumie, F.: Encryption switching protocols revisited: Switching modulo \(p\). In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 255–287. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-63688-7_9
Castagnos, G., Laguillaumie, F.: Linearly homomorphic encryption from DDH. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 487–505. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16715-2_26
Castagnos, G., Laguillaumie, F., Tucker, I.: Practical fully secure unrestricted inner product functional encryption modulo \(p\). In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 733–764. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-030-03329-3_25
Choudhuri, A.R., Goel, A., Green, M., Jain, A., Kaptchuk, G.: Fluid MPC: secure multiparty computation with dynamic participants. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12826, pp. 94–123. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84245-1_4
Cramer, R., Damgård, I., Nielsen, J.B.: Multiparty computation from threshold homomorphic encryption. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 280–299. Springer, Heidelberg (2001)
David, B., et al.: Perfect MPC over layered graphs. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO 2023, Part I. LNCS, vol. 14081, pp. 360–392. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-38557-5_12
Dobson, S., Galbraith, S.D., Smith, B.: Trustless unknown-order groups. Math. Cryptol. 1(2), 25–39 (2022)
Faust, S., Kohlweiss, M., Marson, G.A., Venturi, D.: On the non-malleability of the Fiat-Shamir transform. In: Galbraith, S.D., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 60–79. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34931-7_5
Fouque, P.-A., Stern, J.: One round threshold discrete-log key generation without private channels. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 300–316. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44586-2_22
Fujisaki, E., Okamoto, T.: A practical and provably secure scheme for publicly verifiable secret sharing and its applications. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 32–46. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054115
Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 295–310. Springer, Heidelberg (1999)
Gentry, C., et al.: YOSO: you only speak once - secure MPC with stateless ephemeral roles. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part II. LNCS, vol. 12826, pp. 64–93. Springer, Heidelberg (2021)
Gentry, C., Halevi, S., Lyubashevsky, V.: Practical non-interactive publicly verifiable secret sharing with thousands of parties. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022, Part I. LNCS, vol. 13275, pp. 458–487. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-06944-4_16
Gentry, C., Halevi, S., Magri, B., Nielsen, J.B., Yakoubov, S.: Random-index PIR and applications. In: Nissim, K., Waters, B. (eds.) TCC 2021. LNCS, vol. 13044, pp. 32–61. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-030-90456-2_2
Groth, J.: Non-interactive distributed key generation and key resharing. Cryptology ePrint Archive, Paper 2021/339 (2021). https://eprint.iacr.org/2021/339
Gurkan, K., Jovanovic, P., Maller, M., Meiklejohn, S., Stern, G., Tomescu, A.: Aggregatable distributed key generation. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 147–176. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-030-77870-5_6
Heidarvand, S., Villar, J.L.: Public verifiability from pairings in secret sharing schemes. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 294–308. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04159-4_19
Kate, A., Mangipudi, E.V., Mukherjee, P., Saleem, H., Aravinda, S., Thyagarajan, K.: Non-interactive VSS using class groups and application to DKG. Cryptology ePrint Archive, Paper 2023/451 (2023). https://eprint.iacr.org/2023/451
Katz, J.: Round optimal robust distributed key generation. Cryptology ePrint Archive, Paper 2023/1094 (2023). https://eprint.iacr.org/2023/1094
Pedersen, P.T.: A threshold cryptosystem without a trusted party (extended abstract) (rump session). In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522–526. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-46416-6_47
Rachuri, R., Scholl, P.: Le Mans: dynamic and fluid MPC for dishonest majority. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13507, pp. 719–749. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-15802-5_25
Ruiz, A., Villar, J.L.: Publicly verifiable secret sharing from Paillier’s cryptosystem. In: WEWoRC 2005–Western European Workshop on Research in Cryptology (2005)
Schoenmakers, B.: A simple publicly verifiable secret sharing scheme and its application to electronic. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 148–164. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_10
Stadler, M.: Publicly verifiable secret sharing. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 190–199. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_17
Tucker, I.: Functional encryption and distributed signatures based on projective hash functions, the benefit of class groups. (Chiffrement fonctionnel et signatures distribuées fondés sur des fonctions de hachage à projection, l’apport des groupes de classe). Ph.D. thesis, University of Lyon, France (2020)
© 2024 International Association for Cryptologic Research
Cite this paper
Cascudo, I., David, B. (2024). Publicly Verifiable Secret Sharing Over Class Groups and Applications to DKG and YOSO. In: Joye, M., Leander, G. (eds) Advances in Cryptology – EUROCRYPT 2024. EUROCRYPT 2024. Lecture Notes in Computer Science, vol 14655. Springer, Cham. https://doi.org/10.1007/978-3-031-58740-5_8
DOI: https://doi.org/10.1007/978-3-031-58740-5_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-58739-9
Online ISBN: 978-3-031-58740-5