Privacy-preserving server-supported decryption

TL;DR

This paper introduces a privacy-preserving threshold decryption scheme where the server assists without learning the ciphertext's identity, ensuring client privacy and defining new security standards in the universal composability framework.

Contribution

It presents a novel threshold decryption construction that preserves ciphertext privacy and proposes a new security definition within the UC model for blind server-assisted decryption.

Findings

The scheme prevents ciphertext identity leakage to the server.

The protocol is proven secure in the random oracle model.

A formal security framework for blind threshold decryption is established.

Abstract

In this paper, we consider encryption systems with two-out-of-two threshold decryption, where one of the parties (the client) initiates the decryption and the other one (the server) assists. Existing threshold decryption schemes disclose to the server the ciphertext that is being decrypted. We give a construction, where the identity of the ciphertext is not leaked to the server, and the client's privacy is thus preserved. While showing the security of this construction, we run into the issue of defining the security of a scheme with blindly assisted decryption. We discuss previously proposed security definitions for similar cryptographic functionalities and argue why they do not capture the expected meaning of security. We propose an ideal functionality for the encryption with server-supported blind threshold decryption in the universal composability model, carefully balancing between the meaning of privacy, and the ability to implement it. We construct a protocol and show that it is a secure implementation of the proposed functionality in the random oracle model.