Shared decryption
This subprotocol implements the MPC of an ElGamal scheme.
We use the following simple version of ElGamal:
The cleartext is an element of the cryptographic group with points with DDH assumption, is a public key of a recipient. Then, sender creates the cyphertext , where .
In order to decrypt, the recipient calculates .
Now, consider the recipient which is an MPC with parties, and assume they have a -shared private key . Naturally, they can obtain the shared-over-group value .
As a last step, they use conversion described in sharing over groups to obtain coordinate-wise representation of the message .