Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Trustless Distributed Symmetric-key Encryption

Florian Le Mouël, Maxime Godon, Renaud Brien, Erwan Beurier, Nora Boulahia-Cuppens, Frédéric Cuppens

TL;DR

This work addresses secure distributed symmetric-key encryption without a trusted dealer by introducing Trustless DiSE (TDiSE). It builds a dealer-free setup for a $k$-of-$n$ Threshold Symmetric-key Encryption using a Distributed Key Generation (DKG) approach that leverages a strongly secure threshold DPRF based on the DDH assumption, combined with commitment schemes and Shamir secret sharing. The authors provide a security proof in the Random Oracle Model under static corruption and demonstrate a Python-based proof-of-concept with timing measurements that show setup overhead is polynomial but encryption/decryption performance matches the original DiSE. The scheme removes the single point of failure associated with a TTP, enabling cross-entity collaboration without mutual trust, and discusses proactive security via key updates and potential post-quantum extensions. Overall, TDiSE enables scalable, dealer-free confidential encryption across mutually untrusted parties with rigorous security guarantees and practical feasibility considerations.

Abstract

Threshold cryptography has gained momentum in the last decades as a mechanism to protect long term secret keys. Rather than having a single secret key, this allows to distribute the ability to perform a cryptographic operation such as signing or encrypting. Threshold cryptographic operations are shared among different parties such that a threshold number of them must participate in order to run the operation. This makes the job of an attacker strictly more difficult in the sense that they would have to corrupt at least a threshold number of parties to breach the security. Most works in this field focus on asymmetric-key schemes that allow threshold signing or decrypting. We focus on the symmetric-key setting, allowing both threshold encryption and threshold decryption. Previous work relies on the presence of a trusted third party. Such a party may not exist in some use cases, and it represents a single point of failure. We propose to remove the requirement of a trusted third party by designing a dealer-free setup in which no entity can at any point obtain full knowledge of the secret keys. We implement a proof of concept of our construction in Python. We evaluate the proof of concept with timing metrics to compare to theoretical expectations and assess the cost in complexity of not relying on a trusted third party. While the setup phase suffers moderate additional cost, the encryption and decryption phases perform the same as the original algorithm.

Trustless Distributed Symmetric-key Encryption

TL;DR

This work addresses secure distributed symmetric-key encryption without a trusted dealer by introducing Trustless DiSE (TDiSE). It builds a dealer-free setup for a -of- Threshold Symmetric-key Encryption using a Distributed Key Generation (DKG) approach that leverages a strongly secure threshold DPRF based on the DDH assumption, combined with commitment schemes and Shamir secret sharing. The authors provide a security proof in the Random Oracle Model under static corruption and demonstrate a Python-based proof-of-concept with timing measurements that show setup overhead is polynomial but encryption/decryption performance matches the original DiSE. The scheme removes the single point of failure associated with a TTP, enabling cross-entity collaboration without mutual trust, and discusses proactive security via key updates and potential post-quantum extensions. Overall, TDiSE enables scalable, dealer-free confidential encryption across mutually untrusted parties with rigorous security guarantees and practical feasibility considerations.

Abstract

Threshold cryptography has gained momentum in the last decades as a mechanism to protect long term secret keys. Rather than having a single secret key, this allows to distribute the ability to perform a cryptographic operation such as signing or encrypting. Threshold cryptographic operations are shared among different parties such that a threshold number of them must participate in order to run the operation. This makes the job of an attacker strictly more difficult in the sense that they would have to corrupt at least a threshold number of parties to breach the security. Most works in this field focus on asymmetric-key schemes that allow threshold signing or decrypting. We focus on the symmetric-key setting, allowing both threshold encryption and threshold decryption. Previous work relies on the presence of a trusted third party. Such a party may not exist in some use cases, and it represents a single point of failure. We propose to remove the requirement of a trusted third party by designing a dealer-free setup in which no entity can at any point obtain full knowledge of the secret keys. We implement a proof of concept of our construction in Python. We evaluate the proof of concept with timing metrics to compare to theoretical expectations and assess the cost in complexity of not relying on a trusted third party. While the setup phase suffers moderate additional cost, the encryption and decryption phases perform the same as the original algorithm.
Paper Structure (27 sections, 8 equations, 2 tables, 7 algorithms)

This paper contains 27 sections, 8 equations, 2 tables, 7 algorithms.

Table of Contents

  1. Introduction
  2. Related works
  3. Secret Sharing Schemes
  4. Distributed Pseudo-Random Functions (DPRF)
  5. Distributed Asymmetric-key Cryptography
  6. Distributed Symmetric-key Cryptography
  7. Background
  8. Notations
  9. Prerequisites
  10. Commitment schemes
  11. Instantiations
  12. Threshold secret-sharing schemes
  13. Instantiation
  14. Distributed Pseudo-Random Functions
  15. Instantiations
  16. ...and 12 more sections

Theorems & Definitions (3)

  • proof
  • proof : Proof of Lemma \ref{['randomness']}
  • proof : Proof of Lemma \ref{['guessing']}