multiparty / jiff

JavaScript library for building web-based applications that employ secure multi-party computation (MPC).
https://multiparty.org/jiff/
MIT License

Multi-party Encryption? #233

Closed 7-of-9 closed 2 years ago

7-of-9 commented 2 years ago

Hi all, can JIFF do multiparty encryption, i.e. encrypt a message with privKeyA && privKeyB, such that privKeyA || privKeyB can decrypt the message (and extrapolating out to n encrypters/decrypters...)?

If so, would be much obliged if someone could point me in the right direction!

KinanBab commented 2 years ago

Hello,

We do not have any implementations of multiparty encryption/decryption in JIFF. It is possible to implement this functionality using the primitives provided by JIFF, but it will probably require significant effort and I am not sure that the resulting implementation will have good performance, depending on which public key encryption scheme you are trying to implement.

You may want to look into homomorphic encryption implementations which usually have some form of distributed key generation and decryption built in. If you are ok with symmetric key crypto, you can do this reasonably efficiently for AES, especially with garbled circuits. There are circuits online for AES (e.g. https://homes.esat.kuleuven.be/~nsmart/MPC/), and you can use these circuits with any compatible library (e.g. SCALE MAMBA, or JIGG).

You may be able to implement something like this yourself (in JIFF or from scratch) if you choose a simple enough protocol (e.g. some sort of EC OPRF-style trick with ElGamal encryption) or by following some paper. But I recommend that you try to find a mostly off-the-shelf solution along the lines of what I mentioned in the earlier paragraph.

Hope this helps.

KinanBab commented 2 years ago

@wyatt-howe do you have some resources or tips that may be helpful here?

wyatt-howe commented 2 years ago

As Kinan states, in some cases this may be as simple as commutative encryption, e.g. encrypt multiple times in ElGamal. But this will only work when the encryptor/decryptor parties are the same both times.

If you require decryption to be possible by a subset of the encryptors, you would instead need to use a threshold scheme (such as Shamir's polynomial scheme in JIFF) to secret share (or generate jointly) a private key between parties, and encrypt the message with its corresponding public key, where this public key would have to be computed under MPC. This may be possible and practical with JIFF as it is, but we have not implemented any such demo as of yet. RSA key generation may be a good candidate to try and implement in JIFF, at which point you would have all you need for multiparty encryption.
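
Added example, not part of the thread and not JIFF code: a toy threshold ElGamal in plain JavaScript showing the subset-decryption idea from the comment above, where any t of n share holders can decrypt. It assumes a trusted dealer that Shamir-shares the private key (the comment suggests generating it jointly under MPC instead) and a constructed toy group; all function names are hypothetical.

```javascript
// Toy group, constructed for this example and far too small for real use:
// p = 2q + 1 with p, q prime; g generates the subgroup of prime order q.
const p = 1019n, q = 509n, g = 4n;
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;

const mod = (a, m) => ((a % m) + m) % m;
function pow(b, e, m) {                       // square-and-multiply
  let r = 1n;
  for (b = mod(b, m); e > 0n; e >>= 1n, b = (b * b) % m) if (e & 1n) r = (r * b) % m;
  return r;
}
const inv = (a, m) => pow(a, m - 2n, m);      // Fermat inverse, m prime

function randScalar() {                       // uniform in [1, q-1]
  const r = Number(q - 1n), buf = new Uint32Array(1);
  const limit = 2 ** 32 - (2 ** 32 % r);      // rejection bound, avoids modulo bias
  do wc.getRandomValues(buf); while (buf[0] >= limit);
  return BigInt(buf[0] % r) + 1n;
}

// Assumed trusted dealer: Shamir-shares x = f(0) so that any t of n parties suffice.
function deal(t, n) {
  const coeffs = Array.from({ length: t }, () => randScalar());
  const f = (i) => coeffs.reduceRight((acc, c) => mod(acc * i + c, q), 0n);
  const shares = [];
  for (let i = 1n; i <= BigInt(n); i++) shares.push({ i, s: f(i) });
  return { pub: pow(g, coeffs[0], p), shares };
}

function encrypt(pub, m) {                    // m must lie in the order-q subgroup
  const k = randScalar();
  return { c1: pow(g, k, p), c2: (m * pow(pub, k, p)) % p };
}

// Run locally by each party: only c1^s is sent, never the share s.
const partial = (share, ct) => ({ i: share.i, d: pow(ct.c1, share.s, p) });

// Lagrange interpolation at 0 "in the exponent": prod d_i^lambda_i = c1^x.
function combine(partials, ct) {
  let mask = 1n;
  for (const { i, d } of partials) {
    let lam = 1n;
    for (const { i: j } of partials)
      if (j !== i) lam = mod(lam * j * inv(mod(j - i, q), q), q);
    mask = (mask * pow(d, lam, p)) % p;
  }
  return (ct.c2 * inv(mask, p)) % p;
}
```

The private key is never reconstructed in one place; fewer than t partial decryptions produce the wrong mask. Partial decryptions are not verified here, so a real deployment would also need proofs that each party used its correct share.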

wyatt-howe commented 2 years ago

Also, the circuit-based approach will not generalize nicely, so I would recommend against it unless you know exactly the number of parties who need to be involved.