Chapter

Public Key Cryptography – PKC 2009

Volume 5443 of the series Lecture Notes in Computer Science pp 393-410

Verifiable Rotation of Homomorphic Encryptions

  • Sebastiaan de HooghAffiliated withLancaster UniversityDept. of Mathematics and Computer Science, TU Eindhoven
  • , Berry SchoenmakersAffiliated withLancaster UniversityDept. of Mathematics and Computer Science, TU Eindhoven
  • , Boris ŠkorićAffiliated withLancaster UniversityDept. of Mathematics and Computer Science, TU Eindhoven
  • , José VillegasAffiliated withLancaster UniversityDept. of Mathematics and Computer Science, TU Eindhoven

Abstract

Similar to verifiable shuffling (mixing), we consider the problem of verifiable rotating a given list of homomorphic encryptions. The offset by which the list is rotated (cyclic shift) should remain hidden. Basically, we will present zero-knowledge proofs of knowledge of a rotation offset and re-encryption exponents, which define how the input list is transformed into the output list. We also briefly address various applications of verifiable rotation, ranging from ‘fragile mixing’ as introduced by Reiter and Wang at CCS’04 to applications in protocols for secure multiparty computation and voting.

We present two new, efficient protocols. Our first protocol is quite elegant and involves the use of the Discrete Fourier Transform (as well as the Fast Fourier Transform algorithm), and works under some reasonable conditions. We believe that this is the first time that Fourier Transforms are used to construct an efficient zero-knowledge proof of knowledge.

Our second protocol is more general (requiring no further conditions) and only slightly less efficient than the DFT-based protocol. Unlike the previously best protocol by Reiter and Wang, however, which relies on extensive use of verifiable shuffling as a building block (invoking it four times as a sub-protocol), our construction is direct and its performance is comparable to the performance of a single run of the best protocol for verifiable shuffling.