Trustless Distributed Symmetric-key Encryption

TL;DR

This paper introduces a trustless threshold symmetric-key encryption scheme that eliminates the need for a trusted third party, enhancing security and decentralization in cryptographic operations.

Contribution

It presents the first dealer-free threshold symmetric-key encryption scheme, removing reliance on a trusted third party and ensuring no entity can fully access the secret keys.

Findings

Setup phase has moderate additional cost

Encryption and decryption performance comparable to original algorithms

Proof of concept implemented and evaluated in Python

Abstract

Threshold cryptography has gained momentum in the last decades as a mechanism to protect long term secret keys. Rather than having a single secret key, this allows to distribute the ability to perform a cryptographic operation such as signing or encrypting. Threshold cryptographic operations are shared among different parties such that a threshold number of them must participate in order to run the operation. This makes the job of an attacker strictly more difficult in the sense that they would have to corrupt at least a threshold number of parties to breach the security. Most works in this field focus on asymmetric-key schemes that allow threshold signing or decrypting. We focus on the symmetric-key setting, allowing both threshold encryption and threshold decryption. Previous work relies on the presence of a trusted third party. Such a party may not exist in some use cases, and it represents a single point of failure. We propose to remove the requirement of a trusted third party by designing a dealer-free setup in which no entity can at any point obtain full knowledge of the secret keys. We implement a proof of concept of our construction in Python. We evaluate the proof of concept with timing metrics to compare to theoretical expectations and assess the cost in complexity of not relying on a trusted third party. While the setup phase suffers moderate additional cost, the encryption and decryption phases perform the same as the original algorithm.