Encrypted Threshold Storage

Our threshold library provides a comprehensive set of functionalities for MPC-based threshold cryptography, including key generation, signature generation, re-encryption, decryption, and selective sharing of encrypted data. These primitives and services enable secure and decentralized cryptographic operations while preserving privacy, fault tolerance, and scalability. By utilizing our threshold library, developers and organizations can enhance the security and privacy of their systems, facilitate secure data sharing, and promote trust and decentralization in their applications.

Traditional storage systems often rely on a centralized entity to store and manage data. However, this centralization poses risks such as a single point of failure or potential data breaches. In contrast, MPC-based threshold storage distributes data across multiple independent entities or servers, where each party holds a portion of the data. The key idea behind MPC is to perform computations on the distributed data without revealing the individual values to any single party.

In the context of threshold storage, the data is split into shares, and each party holds a specific share. The threshold refers to the minimum number of parties required to reconstruct the original data. For example, if the threshold is set to three, at least three out of the five parties need to collaborate to recover the complete data. This approach provides fault tolerance and security guarantees since an adversary would need to compromise multiple parties simultaneously to access the data.

MPC-based threshold storage has applications in various domains, such as secure cloud storage, distributed databases, and privacy-preserving data analysis. By leveraging the power of multiple parties while maintaining privacy and security, it offers an alternative to traditional centralized storage systems.

The majority of our protocol relies on the basic or threshold variants of the standard primitives like ECDSA, BLS, Paillier Encryption and Verifiable Secret Sharing.

Paillier Encryption:

Paillier encryption is a probabilistic asymmetric encryption scheme developed by Pascal Paillier in 1999. It is known for its homomorphic properties, meaning that certain mathematical operations can be performed on the encrypted data without decrypting it first. The Paillier cryptosystem is based on the computational hardness of the Decisional Composite Residuosity assumption.

Overview of the Paillier encryption and decryption process:

  1. Key Generation:

    • Select two large prime numbers, p and q.

    • Compute the modulus, n = p * q.

    • Compute the Carmichael's totient function, λ = lcm(p-1, q-1), where lcm represents the least common multiple.

    • Choose a random integer g such that g is in the multiplicative group of integers modulo n^2.

    • Compute the public key (n, g) and the private key (λ).

  2. Encryption:

    • To encrypt a plaintext message m, which is an integer in the range [0, n-1]:

    • Choose a random integer r, where 0 < r < n and gcd(r, n) = 1.

    • Compute the ciphertext c as c = g^m * r^n mod n^2.

    • The resulting ciphertext c can be safely shared or transmitted.

  3. Decryption:

    • To decrypt the ciphertext c and retrieve the original plaintext message m:

    • Compute the least common multiple of λ and n: μ = λ^-1 mod n.

    • Compute the plaintext message m as m = L(c^λ mod n^2) * μ mod n, where L(x) = (x - 1) / n.

    • The resulting m will be the original plaintext message.

Paillier encryption offers properties such as additive homomorphism, which means that the sum of two ciphertexts is equal to the product of their corresponding plaintexts. This property allows for computations to be performed on encrypted data without the need for decryption. The primary use case is in secure multiparty computation and privacy-preserving protocols. This paillier system plays a vital role in performing computations on encrypted data in the Insaanity protocols threshold key management and signature generation.

Last updated