Abstract

The security of a public key cryptosystem can be enhanced by distributing secret keys among a number of decryption servers: the threshold encryption approach. In EUROCRYPT 2005, Abe et al. showed that the secure threshold key encapsulation mechanism with a tag (threshold Tag-KEM) immediately yields secure threshold encryption; we only have to construct threshold Tag-KEM to construct threshold encryption. In this paper, we propose a construction of CCA-secure threshold Tag-KEM from threshold KEM (without a tag) that achieves one-wayness by utilizing a signature scheme with tight security reduction. Through our construction, we show the first instantiation of CCA-secure threshold encryption whose ciphertext-size and encryption-cost are independent of the number of servers under the RSA assumption in the random oracle model.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.