1. DiSE: Distributed Symmetric-key Encryption 2018 CCS SymmetricKey
    Shashank Agrawal, Payman Mohassel, Pratyay Mukherjee and Peter Rindal
    [View PDF on eprint.iacr.org]
    [Show BibTex Citation]

    @inproceedings{Agrawal:2018:DDS:3243734.3243774,
    author = {Agrawal, Shashank and Mohassel, Payman and Mukherjee, Pratyay and Rindal, Peter},
    title = {DiSE: Distributed Symmetric-key Encryption},
    booktitle = {Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security},
    series = {CCS '18},
    year = {2018},
    isbn = {978-1-4503-5693-0},
    location = {Toronto, Canada},
    pages = {1993--2010},
    numpages = {18},
    url = {http://doi.acm.org/10.1145/3243734.3243774},
    doi = {10.1145/3243734.3243774},
    acmid = {3243774},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {authenticated encryption, distributed pseudo-random functions, secret management systems, threshold cryptography},
    }

Threshold cryptography provides a mechanism for protecting secret keys by sharing them among multiple parties, who then jointly perform cryptographic operations. An attacker who corrupts upto a threshold number of parties cannot recover the secrets or violate security. Prior works in this space have mostly focused on definitions and constructions for public-key cryptography and digital signatures, and thus do not capture the security concerns and efficiency challenges of symmetric-key based applications which commonly use long-term (unprotected) master keys to protect data at rest, authenticate clients on enterprise networks, and secure data and payments on IoT devices.

We put forth the first formal treatment for distributed symmetric-key encryption, proposing new notions of correctness, privacy and authenticity in presence of malicious attackers. We provide strong and intuitive game-based definitions that are easy to understand and yield efficient constructions.

We propose a generic construction of threshold authenticated encryption based on any distributed pseudorandom function (DPRF). When instantiated with the two different DPRF constructions proposed by Naor, Pinkas and Reingold (Eurocrypt 1999) and our enhanced versions, we obtain several efficient constructions meeting different security definitions. We implement these variants and provide extensive performance comparisons. Our most efficient instantiation uses only symmetric-key primitives and achieves a throughput of upto 1 million encryptions/decryptions per seconds, or alternatively a sub-millisecond latency with upto 18 participating parties.

  1.