Privacy-preserving server-supported decryption

Peeter Laud, Alisa Pankova, Jelizaveta Vakarjuk

TL;DR

This paper proposes an ideal functionality for encryption with server-supported blind threshold decryption in the universal composability model, constructs a protocol, and shows that the protocol is a secure implementation of that functionality in the random oracle model.

Abstract

In this paper, we consider encryption systems with two-out-of-two threshold decryption, where one of the parties (the client) initiates the decryption and the other one (the server) assists. Existing threshold decryption schemes disclose to the server the ciphertext that is being decrypted. We give a construction where the identity of the ciphertext is not leaked to the server, and the client's privacy is thus preserved. While showing the security of this construction, we run into the issue of defining the security of a scheme with blindly assisted decryption. We discuss previously proposed security definitions for similar cryptographic functionalities and argue why they do not capture the expected meaning of security. We propose an ideal functionality for the encryption with server-supported blind threshold decryption in the universal composability model, carefully balancing between the meaning of privacy and the ability to implement it. We construct a protocol and show that it is a secure implementation of the proposed functionality in the random oracle model.

Paper Structure

This paper contains 21 sections, 1 theorem, 15 figures, 1 table.

Key Result

Theorem 1

The protocol set $\mathsf{DVPS}$ in Figures fig:keygen and fig:enc-dec securely implements functionality $\mathcal{F}^{}$ in the presence of a malicious static adversary under the one-more CDH assumption with tests.

Figures (15)

  • Figure 1: Ideal encryption functionality $\mathcal{F}^{}$
  • Figure 2: ElGamal KEM
  • Figure 3: NIZK proof that $\log_g u=\log_h v$
  • Figure 4: Proof of knowledge of exponent in a group $\mathbb{G}$
  • Figure 5: Key generation for client and server in our construction
  • ...and 10 more figures

Theorems & Definitions (1)

  • Theorem 1