
Cryptography with Weights: MPC, Encryption and Signatures

Conference paper, Advances in Cryptology – CRYPTO 2023 (CRYPTO 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14081)

Abstract

The security of many powerful cryptographic systems such as secure multiparty computation, threshold encryption, and threshold signatures rests on trust assumptions about the parties. The de facto model treats all parties equally and requires that a certain fraction of the parties are honest. While this one-person-one-vote paradigm has been very successful over the years, current and emerging practical use cases suggest that it is outdated.

In this work, we consider weighted cryptosystems where every party is assigned a certain weight and the trust assumption is that a certain fraction of the total weight is honest. This setting can be translated to the standard setting (where each party has a unit weight) via virtualization. However, this method is quite expensive, incurring a multiplicative overhead in the weight.

We present new weighted cryptosystems with significantly better efficiency: our proposed schemes incur only an additive overhead in weights.

  • We first present a weighted ramp secret-sharing scheme (WRSS) where the size of a secret share is O(w) (where w corresponds to the weight). In comparison, Shamir’s secret sharing with virtualization requires secret shares of size \(w\cdot \lambda \), where \(\lambda =\log |{\mathbb {F}}|\) is the security parameter.

  • Next, we use our WRSS to construct weighted versions of (semi-honest) secure multiparty computation (MPC), threshold encryption, and threshold signatures. All these schemes inherit the efficiency of our WRSS and incur only an additive overhead in weights.

Our WRSS is based on the Chinese remainder theorem-based secret-sharing scheme. Interestingly, this secret-sharing scheme is non-linear and only achieves statistical privacy. These distinct features introduce several technical hurdles in applications to MPC and threshold cryptosystems. We resolve these challenges by developing several new ideas.

S. Garg, M. Wang, and Y. Zhang were supported in part by DARPA under Agreement No. HR00112020026, AFOSR Award FA9550-19-1-0200, NSF CNS Award 1936826, and research grants by the Sloan Foundation and Visa Inc. The second author was supported in part by NSF CNS-1814919, NSF CAREER 1942789, a Johns Hopkins University Catalyst award, AFOSR Award FA9550-19-1-0200, a JP Morgan Faculty Award, and research gifts from Ethereum, Stellar and Cisco. Any opinions, findings and conclusions, or recommendations in this material are those of the authors and do not necessarily reflect the views of the United States Government or DARPA.


Notes

  1. In all theorems, the size and the communication complexity are measured in bits.

  2. This can always be achieved by multiplying all weights by a large enough factor.

  3. Their scheme is described informally on page 6, after Remark 1. See the online version of [31] at https://core.ac.uk/download/pdf/147979029.pdf.

  4. To the best of our knowledge, the only formal security analysis of CRT-based secret sharing appears in [27], which studies how to error-correct CRT-based codes.

  5. For instance, if the wiretap channel in use is the binary symmetric channel, the share size is \(\varTheta \left( \frac{1}{(\alpha -\beta )^2}\right) \). We refer the reader to their paper for details.

  6. To elaborate, in their scheme the secret s is viewed as a binary string and encoded using some binary error-correcting code \(\textsf{Enc}(s)\), padded with n noise instances \(\rho _1,\rho _2,\ldots ,\rho _n\), i.e., \(\textsf{Enc}(s)\oplus \rho _1\oplus \cdots \oplus \rho _n\). The noisy encoding is public, while the secret share of party i is \(\rho _i\). Intuitively, one reconstructs the secret by canceling the noise in the noisy encoding with the secret shares. With sufficiently many secret shares, one can reconstruct the secret; with few secret shares, the encoding is noisy enough to hide s. Clearly, one cannot locally compute a secret sharing of, for instance, \(x+y\in \mathbb F\) given the secret shares of both x and y.

  7. We consider linear schemes over the natural field \({\mathbb {F}}\) in which the secret lives. In particular, the discussion here does not include the linear ramp scheme discussed in Sect. 1.2, which is over some unnatural field \({\mathbb {F}}'\) that breaks the algebraic structure of the secret.

  8. Unless one could generically transform a set of weights \(\{w_i\}\) into another set of weights \(\{w'_i\}\) that are significantly smaller (i.e., \(w'_i = o(w_i)\)) but define the same access structure. However, this seems extremely challenging, if at all possible.

  9. We note that \(\lambda _i\) can be computed efficiently. Refer to Remark 2.

  10. In fact, the statistical distance between them is quite large. In particular, the distribution of the integer \(X+Y\), where \(X = x+u\cdot p_0\) and \(Y=y+u'\cdot p_0\), is very different from that of the integer \((x+y)+u''\cdot p_0\).

  11. We call this a degree reduction protocol as it is reminiscent of the degree reduction protocol in the BGW protocol based on Shamir’s secret sharing. In Shamir’s secret sharing, the product of two secrets shared by degree-t polynomials is shared by a degree-2t polynomial. A degree reduction protocol in this case brings the degree of the polynomial back down to t.

  12. Measured by the parameter L.

  13. To ensure they are coprime, we may pick \(p_i\) to be a distinct prime of bit length \(w_i\).

  14. There are \(2^{w_i}/(n+1)\) integers between \(2^{w_i}/(1+1/n)\) and \(2^{w_i}\), among which there are asymptotically \(2^{w_i}/((n+1)\cdot w_i)\) prime numbers. Therefore, as long as \(w_i\) is large enough, e.g., \(\textsf{polylog}(\lambda )\), one can always pick a \(p_i\) for every party. Even if the smallest \(w_i\) is a small constant, one can always multiply every weight by some small factor to enable this.

  15. I.e., the cumulative weight of the corrupted parties is less than half of the total weight.

  16. The term p/N will always be small, since p is the product of the adversary’s \(p_i\), which is at most \(2^t\). The WRSS scheme requires that whenever we pick a random lift integer, we always pick a domain much larger than \(2^t\).
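The CRT-based weighted ramp scheme sketched in the abstract and in notes 10, 13, 14 and 16 can be made concrete in a few dozen lines. The following Python is an added illustration, not code from the paper or its authors: it assumes an Asmuth-Bloom style construction in which the secret s in \(\mathbb{Z}_{p_0}\) is lifted to the integer \(X = s + u\cdot p_0\) with u drawn from a domain much larger than \(2^t\) (note 16), each party i holds \(X \bmod p_i\) for a distinct prime \(p_i\) of bit length \(w_i\) (note 13), and a set reconstructs by CRT whenever the product of its moduli exceeds the range of X. The class name, the parameter `stat_bits`, and all weights, primes and the secret are constructed for the demo; the exact parameter relations of the paper's scheme are not reproduced.

```python
"""Toy weighted ramp secret sharing from the Chinese remainder theorem (added example).

Party i with weight w_i holds X mod p_i, where p_i is a w_i-bit prime, so its share
is exactly w_i bits: the additive overhead the abstract describes. Virtualized
Shamir would hand the same party w_i field elements of log|F| bits each.
"""
import secrets
from functools import reduce
from operator import mul
from typing import List, Sequence, Tuple


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test; probabilistic, adequate for a demonstration."""
    if n < 2:
        return False
    for q in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % q == 0:
            return n == q
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def prime_of_bitlength(w: int, avoid: set) -> int:
    """Random prime with exactly w bits (2^(w-1) < p < 2^w), distinct from those in `avoid`."""
    while True:
        cand = secrets.randbits(w) | (1 << (w - 1)) | 1
        if cand not in avoid and is_probable_prime(cand):
            return cand


def crt(residues: Sequence[int], moduli: Sequence[int]) -> Tuple[int, int]:
    """Return (X mod M, M) for the unique X matching all residues; moduli pairwise coprime."""
    M = reduce(mul, moduli, 1)
    x = 0
    for res, m in zip(residues, moduli):
        Mi = M // m
        x += res * Mi * pow(Mi, -1, m)  # Mi is invertible mod m since the moduli are distinct primes
    return x % M, M


class WeightedCRTSharing:
    """Secret in Z_{p0}; party i gets X mod p_i with p_i a w_i-bit prime (constructed demo class)."""

    def __init__(self, p0: int, weights: Sequence[int], t_bits: int, stat_bits: int = 40):
        self.p0 = p0
        # note 16: the lift u must come from a domain much larger than 2^t, where 2^t bounds
        # the product of the adversary's moduli; stat_bits is the assumed statistical slack
        self.lift_bound = 1 << (t_bits + stat_bits)
        used = {p0}
        self.moduli: List[int] = []
        for w in weights:
            p = prime_of_bitlength(w, used)
            used.add(p)
            self.moduli.append(p)

    def share(self, secret: int) -> List[int]:
        if not 0 <= secret < self.p0:
            raise ValueError("secret must lie in Z_{p0}")
        u = secrets.randbelow(self.lift_bound)
        X = secret + u * self.p0          # X < p0 * lift_bound
        return [X % p for p in self.moduli]

    def can_reconstruct(self, parties: Sequence[int]) -> bool:
        """A set is authorized iff the product of its moduli covers the whole range of X."""
        M = reduce(mul, (self.moduli[i] for i in parties), 1)
        return M >= self.p0 * self.lift_bound

    def reconstruct(self, parties: Sequence[int], shares: Sequence[int]) -> int:
        if not self.can_reconstruct(parties):
            raise ValueError("cumulative weight too small to reconstruct")
        X, _ = crt([shares[i] for i in parties], [self.moduli[i] for i in parties])
        return X % self.p0

    def share_bits(self) -> List[int]:
        """Per-party share size in bits: equals the weight, i.e. O(w)."""
        return [p.bit_length() for p in self.moduli]

    def virtualized_shamir_bits(self) -> List[int]:
        """What virtualized Shamir would cost: w_i shares of log|F| bits each."""
        return [w * self.p0.bit_length() for w in self.share_bits()]


if __name__ == "__main__":
    scheme = WeightedCRTSharing(p0=8191, weights=[8, 12, 20, 24], t_bits=24, stat_bits=20)
    shares = scheme.share(1234)
    print("CRT share bits:", scheme.share_bits(), "Shamir-virtualized bits:", scheme.virtualized_shamir_bits())
    print("all parties reconstruct:", scheme.reconstruct([0, 1, 2, 3], shares))
    print("weight-40 subset authorized?", scheme.can_reconstruct([0, 1, 2]))
```

With weights 8, 12, 20 and 24 the full set holds 64 bits of shares, while virtualized Shamir over a 13-bit field would hand out 832 bits. The gap between the privacy threshold (t = 24) and the reconstruction threshold is the additive `stat_bits + log p0` term, which is the ramp gap the abstract refers to; the scheme is non-linear, so adding shares locally does not yield a sharing with the same lift distribution (note 10).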

References

  1. Applebaum, B., Beimel, A., Farràs, O., Nir, O., Peter, N.: Secret-sharing schemes for general and uniform access structures. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part III. LNCS, vol. 11478, pp. 441–471. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_15

  2. Applebaum, B., Beimel, A., Nir, O., Peter, N.: Better secret sharing via robust conditional disclosure of secrets. In: Makarychev, K., Makarychev, Y., Tulsiani, M., Kamath, G., Chuzhoy, J. (eds.) 52nd ACM STOC, pp. 280–293. ACM Press, June 2020

  3. Applebaum, B., Nir, O.: Upslices, downslices, and secret-sharing with complexity of \(1.5^n\). In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part III. LNCS, vol. 12827, pp. 627–655. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84252-9_21

  4. Asharov, G., Lindell, Y.: A full proof of the BGW protocol for perfectly secure multiparty computation. J. Cryptology 30(1), 58–151 (2017)

  5. Asmuth, C., Bloom, J.: A modular approach to key safeguarding. IEEE Trans. Inf. Theory 29(2), 208–210 (1983)

  6. Beaver, D.: Efficient multiparty protocols using circuit randomization. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 420–432. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_34

  7. Beck, G., Goel, A., Jain, A., Kaptchuk, G.: Order-c secure multiparty computation for highly repetitive circuits. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021, Part II. LNCS, vol. 12697, pp. 663–693. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77886-6_23

  8. Beimel, A., Ishai, Y.: On the power of nonlinear secret-sharing. IACR Cryptol. ePrint Arch., p. 30 (2001)

  9. Beimel, A., Tassa, T., Weinreb, E.: Characterizing ideal weighted threshold secret sharing. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 600–619. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_32

  10. Beimel, A., Weinreb, E.: Monotone circuits for monotone weighted threshold functions. Inf. Process. Lett. 97(1), 12–18 (2006)

  11. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: 20th ACM STOC, pp. 1–10. ACM Press, May 1988

  12. Benhamouda, F., Halevi, S., Stambler, L.: Weighted secret sharing from wiretap channels. In: ITC (2023)

  13. Blakley, G.R., Meadows, C.: Security of ramp schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 242–268. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-39568-7_20

  14. Breidenbach, L., et al.: Chainlink 2.0: next steps in the evolution of decentralized oracle networks. Chainlink Labs (2021)

  15. Chaidos, P., Kiayias, A.: Mithril: stake-based threshold multisignatures. Cryptology ePrint Archive, Report 2021/916 (2021). https://eprint.iacr.org/2021/916

  16. Choudhuri, A.R., Goel, A., Green, M., Jain, A., Kaptchuk, G.: Fluid MPC: secure multiparty computation with dynamic participants. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part II. LNCS, vol. 12826, pp. 94–123. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84245-1_4

  17. Damgård, I., Ishai, Y., Krøigaard, M.: Perfectly secure multiparty computation and the computational overhead of cryptography. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 445–465. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_23

  18. Damgård, I., Ishai, Y., Krøigaard, M., Nielsen, J.B., Smith, A.: Scalable multiparty computation with nearly optimal work and resilience. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 241–261. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_14

  19. Desmedt, Y.: Society and group oriented cryptography: a new concept. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 120–127. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_8

  20. Desmedt, Y., Frankel, Y.: Threshold cryptosystems. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 307–315. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_28

  21. Ellis, S., Juels, A., Nazarov, S.: Chainlink: a decentralized oracle network. Retrieved March 11(2018), 1 (2017)

  22. Escudero, D., Goyal, V., Polychroniadou, A., Song, Y.: TurboPack: honest majority MPC with constant online communication. In: Yin, H., Stavrou, A., Cremers, C., Shi, E. (eds.) ACM CCS 2022, pp. 951–964. ACM Press, November 2022

  23. Franklin, M.K., Yung, M.: Communication complexity of secure computation (extended abstract). In: 24th ACM STOC, pp. 699–710. ACM Press, May 1992

  24. Gennaro, R., Goldfeder, S.: Fast multiparty threshold ECDSA with fast trustless setup. In: Lie, D., Mannan, M., Backes, M., Wang, X.F. (eds.) ACM CCS 2018, pp. 1179–1194. ACM Press, October 2018

  25. Gentry, C., et al.: YOSO: you only speak once. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part II. LNCS, vol. 12826, pp. 64–93. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84245-1_3

  26. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Aho, A. (ed.) 19th ACM STOC, pp. 218–229. ACM Press, May 1987

  27. Goldreich, O., Ron, D., Sudan, M.: Chinese remaindering with errors. In: 31st ACM STOC, pp. 225–234. ACM Press, May 1999

  28. Goyal, V., Polychroniadou, A., Song, Y.: Unconditional communication-efficient MPC via Hall’s marriage theorem. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part II. LNCS, vol. 12826, pp. 275–304. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84245-1_10

  29. Harn, L., Miao, F.: Weighted secret sharing based on the Chinese remainder theorem. Int. J. Netw. Secur. 16(6), 420–425 (2014)

  30. Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)

  31. Iftene, S., Boureanu, I.: Weighted threshold secret sharing based on the Chinese remainder theorem. Sci. Ann. Cuza Univ. 15, 161–172 (2005)

  32. Kiayias, A., Russell, A., David, B., Oliynykov, R.: Ouroboros: a provably secure proof-of-stake blockchain protocol. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 357–388. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_12

  33. Lindell, Y., Nof, A.: Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 1837–1854. ACM Press, October 2018

  34. Liu, T., Vaikuntanathan, V.: Breaking the circuit-size barrier in secret sharing. In: Diakonikolas, I., Kempe, D., Henzinger, M. (eds.) 50th ACM STOC, pp. 699–708. ACM Press, June 2018

  35. Mignotte, M.: How to share a secret. In: Beth, T. (ed.) EUROCRYPT 1982. LNCS, vol. 149, pp. 371–375. Springer, Heidelberg (1983). https://doi.org/10.1007/3-540-39466-4_27

  36. Morillo, P., Padró, C., Sáez, G., Villar, J.L.: Weighted threshold secret sharing schemes. Inf. Process. Lett. 70(5), 211–216 (1999)

  37. National Institute of Standards and Technology: Multi-party threshold cryptography (2018)

  38. Shamir, A.: How to share a secret. Commun. Assoc. Comput. Mach. 22(11), 612–613 (1979)

  39. Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_18

  40. Stathakopoulous, C., Cachin, C.: Threshold signatures for blockchain systems. Swiss Federal Institute of Technology, vol. 30 (2017)

  41. Stinson, D.R., Wei, R.: An application of ramp schemes to broadcast encryption. Inf. Process. Lett. 69(3), 131–135 (1999)

  42. Vinod, V., Narayanan, A., Srinathan, K., Rangan, C.P., Kim, K.: On the power of computational secret sharing. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 162–176. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-24582-7_12

  43. Yao, A.C.C.: How to generate and exchange secrets (extended abstract). In: 27th FOCS, pp. 162–167. IEEE Computer Society Press, October 1986

  44. Zou, X., Maino, F., Bertino, E., Sui, Y., Wang, K., Li, F.: A new approach to weighted multi-secret sharing. In: Wang, H., Li, J., Rouskas, G.N., Zhou, X. (eds.) Proceedings of the 20th International Conference on Computer Communications and Networks, ICCCN 2011, Maui, Hawaii, USA, July 31–August 4, 2011, pp. 1–6. IEEE (2011)


Author information

Corresponding author: Sanjam Garg.


Copyright information

© 2023 International Association for Cryptologic Research


Cite this paper

Garg, S., Jain, A., Mukherjee, P., Sinha, R., Wang, M., Zhang, Y. (2023). Cryptography with Weights: MPC, Encryption and Signatures. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14081. Springer, Cham. https://doi.org/10.1007/978-3-031-38557-5_10

  • DOI: https://doi.org/10.1007/978-3-031-38557-5_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-38556-8

  • Online ISBN: 978-3-031-38557-5