Visible to the public DiSE: Distributed Symmetric-Key Encryption

TitleDiSE: Distributed Symmetric-Key Encryption
Publication TypeConference Paper
Year of Publication2018
AuthorsAgrawal, Shashank, Mohassel, Payman, Mukherjee, Pratyay, Rindal, Peter
Conference NameProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-5693-0
Keywordsauthenticated encryption, distributed pseudo-random functions, Human Behavior, Metrics, pubcrawl, random key generation, resilience, Resiliency, Scalability, secret management systems, threshold cryptography
Abstract

Threshold cryptography provides a mechanism for protecting secret keys by sharing them among multiple parties, who then jointly perform cryptographic operations. An attacker who corrupts up to a threshold number of parties cannot recover the secrets or violate security. Prior works in this space have mostly focused on definitions and constructions for public-key cryptography and digital signatures, and thus do not capture the security concerns and efficiency challenges of symmetric-key based applications which commonly use long-term (unprotected) master keys to protect data at rest, authenticate clients on enterprise networks, and secure data and payments on IoT devices. We put forth the first formal treatment for distributed symmetric-key encryption, proposing new notions of correctness, privacy and authenticity in presence of malicious attackers. We provide strong and intuitive game-based definitions that are easy to understand and yield efficient constructions. We propose a generic construction of threshold authenticated encryption based on any distributed pseudorandom function (DPRF). When instantiated with the two different DPRF constructions proposed by Naor, Pinkas and Reingold (Eurocrypt 1999) and our enhanced versions, we obtain several efficient constructions meeting different security definitions. We implement these variants and provide extensive performance comparisons. Our most efficient instantiation uses only symmetric-key primitives and achieves a throughput of upto 1 million encryptions/decryptions per seconds, or alternatively a sub-millisecond latency with upto 18 participating parties.

URLhttps://dl.acm.org/citation.cfm?doid=3243734.3243774
DOI10.1145/3243734.3243774
Citation Keyagrawal_dise:_2018