IACR News item: 14 June 2021
Leemon Baird, Pratyay Mukherjee, Rohit Sinha
ePrint Report
Time-locked encryption can encrypt a message to a future time such that it can only be decrypted after that time. Potential applications include sealed bid auctions, scheduled confidential transactions, and digital time capsules.
Prior practical schemes for time-locked encryption rely on a clock-equipped trusted server, who periodically publishes a time-specific decryption key based on a long-term secret. Their main idea is to model time periods as identities in an identity-based encryption scheme. While such schemes allow encryption to a future time periods, they offer limited support for decryption of past ciphertexts. In particular, they force a client to be online when the key is published, or interact with the server to re-generate the key.
This paper proposes a new notion of time-locked encryption where an aggregated decryption key can be used to decrypt any ciphertext locked to a prior time. Furthermore, we decentralize the trust amongst a number of servers, such that it can tolerate up to a threshold number of (malicious) corruptions. We call our notion threshold aggregated time-locked encryption (TATLE). We propose a practical construction that supports compact decryption keys as well as compact ciphertexts (both logarithmic in the total lifetime). Our construction is based on bilinear pairing and adapts ideas from Canetti et al.'s binary tree encryption [Eurocypt 2003] and Naor et al.'s distributed pseudorandom functions [Eurocrypt 1999].
Prior practical schemes for time-locked encryption rely on a clock-equipped trusted server, who periodically publishes a time-specific decryption key based on a long-term secret. Their main idea is to model time periods as identities in an identity-based encryption scheme. While such schemes allow encryption to a future time periods, they offer limited support for decryption of past ciphertexts. In particular, they force a client to be online when the key is published, or interact with the server to re-generate the key.
This paper proposes a new notion of time-locked encryption where an aggregated decryption key can be used to decrypt any ciphertext locked to a prior time. Furthermore, we decentralize the trust amongst a number of servers, such that it can tolerate up to a threshold number of (malicious) corruptions. We call our notion threshold aggregated time-locked encryption (TATLE). We propose a practical construction that supports compact decryption keys as well as compact ciphertexts (both logarithmic in the total lifetime). Our construction is based on bilinear pairing and adapts ideas from Canetti et al.'s binary tree encryption [Eurocypt 2003] and Naor et al.'s distributed pseudorandom functions [Eurocrypt 1999].
Additional news items may be found on the IACR news page.