Constructions of dynamic and non-dynamic threshold public-key encryption schemes with decryption consistency

Dynamic threshold public-key encryption, proposed by Delerablée and Pointcheval (CRYPTO 2008), is an extension of ordinary threshold encryption which enables decryption servers to join the system even after the setup phase, and to choose the authorized set and the threshold of decryption dynamically. Delerablée and Pointcheval proposed the first dynamic threshold public-key encryption scheme, which they proved secure under a non-standard q-type assumption. However, decryption consistency, which is an important security property that guarantees uniqueness of decryption, even when a sender and decryption servers behave maliciously, is only shown to hold in the random oracle model. In this paper, we propose three threshold public-key encryption schemes. The first and second schemes are both dynamic schemes. The former achieves a relatively weaker variant of decryption consistency, while the latter achieves a strong variant thereof. The former is a generic construction from public-key encryption with non-interactive opening (PKENO), while the latter is a specific construction from a standard number-theoretic assumption. These are the first constructions of dynamic public-key encryption, which achieve decryption consistency without relying on the random oracle model. Furthermore, both schemes can be realized based on standard assumptions. The third construction is a generic construction from PKENO achieving the strong variant of decryption consistency. This construction affirmatively answers the question indirectly posed by Galindo et al. (AFRICACRYPT 2010) of whether a generic construction achieving strong decryption consistency is possible.