IACR News item: 31 July 2025
Mathias Hall-Andersen, Mark Simkin, Benedikt Wagner
ePrint Report
Threshold encryption enables a sender to encrypt a message towards $n$ recipients, such that any sufficiently large subset can decrypt the message, whereas any subset of too small size cannot. Silent threshold encryption additionally requires that all recipients can generate their public keys independently of each other, without engaging in an interactive distributed key generation protocol.
In this work, we present a simple blueprint for constructing such silent threshold encryption schemes, which remain secure as long as the number of corruptions is at most $t \leq (1/2 - \epsilon) \cdot n$, where $\epsilon > 0$ is an arbitrary constant. Our construction allows for ciphertexts and recipient public keys, whose sizes are independent of $n$. We evaluate the concrete efficiency of our construction and show that it is highly efficient. As an exemplary data point, when $t < n/3$, encrypting $1$ MB results in a ciphertext of size $1.067$ MB.
On the technical side, we introduce a new model of corruptions, which we call one-shot adaptive corruptions, which conceptually lie between static and fully adaptive corruptions. We believe that the notion itself and our associated proof techniques may be of independent interest.
In comparison to prior works, we have smaller recipient public keys, do not require strong assumptions, such as indistinguishability obfuscation, or idealizing models, such as the generic group model, we allow for instantiating our blueprint to obtain plausible post-quantum security, and we prove security under a stronger security notion.
In this work, we present a simple blueprint for constructing such silent threshold encryption schemes, which remain secure as long as the number of corruptions is at most $t \leq (1/2 - \epsilon) \cdot n$, where $\epsilon > 0$ is an arbitrary constant. Our construction allows for ciphertexts and recipient public keys, whose sizes are independent of $n$. We evaluate the concrete efficiency of our construction and show that it is highly efficient. As an exemplary data point, when $t < n/3$, encrypting $1$ MB results in a ciphertext of size $1.067$ MB.
On the technical side, we introduce a new model of corruptions, which we call one-shot adaptive corruptions, which conceptually lie between static and fully adaptive corruptions. We believe that the notion itself and our associated proof techniques may be of independent interest.
In comparison to prior works, we have smaller recipient public keys, do not require strong assumptions, such as indistinguishability obfuscation, or idealizing models, such as the generic group model, we allow for instantiating our blueprint to obtain plausible post-quantum security, and we prove security under a stronger security notion.
Additional news items may be found on the IACR news page.