A Generalisation, a Simpli.cation and Some Applications of Paillier's Probabilistic Public-Key System
We propose a generalisation of Paillier’s probabilistic public key system, in which the expansion factor is reduced and which allows to adjust the block length of the scheme even after the public key has been fixed, without loosing the homomorphic property.We show that the generalisation is as secure as Paillier's original system. We construct a threshold variant of the generalised scheme as well as zero-knowledge protocols to show that a given ciphertext encrypts one of a set of given plaintexts, and protocols to verify multiplicative relations on plaintexts.
We then show how these building blocks can be used for applying the scheme to efficient electronic voting.This reduces dramatically the work needed to compute the final result of an election, compared to the previously best known schemes.We show how the basic scheme for a yes/no vote can be easily adapted to casting a vote for up to t out of L candidates. The same basic building blocks can also be adapted to provide receipt-free elections, under appropriate physical assumptions.The scheme for 1 out of L elections can be optimised such that for a certain range of parameter values, a ballot has size only O(log L) bits.
KeywordsRandom Oracle Security Parameter Random Oracle Model Electronic Vote Semantic Security
- 1.Baudron, Fouque, Pointcheval, Poupard and Stern: Practical Multi-Candidate Election Scheme, manuscript, May 2000.Google Scholar
- 2.Cramer, Damgård and Schoenmakers: Proofs of partial knowledge, Proc. of Crypto 94, Springer Verlag LNCS series nr.839.Google Scholar
- 3.R. Cramer, S. Dziembowski, I. Damgård, M. Hirt and T. Rabin: Efficient Multiparty Computations Secure against an Adaptive Adversary, Proc. of EuroCrypt 99, Springer Verlag LNCS series 1592, pp.311–326.Google Scholar
- 4.R. Cramer, R. Gennaro, B. Schoenmakers: A Secure and Optimally Efficient Multi-Authority Election Scheme, Proceedings of EuroCrypt 97, Springer Verlag LNCS series, pp.103–118.Google Scholar
- 5.Frankel, MacKenzie and Yung: Robust Efficient Distributed RSA-key Generation, proceedings of STOC 98.Google Scholar
- 6.P. Fouque, G. Poupard, J. Stern: Sharing Decryption in the Context of Voting or Lotteries, Proceedings of Financial Crypto 2000.Google Scholar
- 7.L. Guillou and J.-J. Quisquater: A Practical Zero-Knowledge Protocol fitted to Security Microprocessor Minimizing both Transmission and Memory, Proc. of EuroCrypt 88, Springer Verlag LNCS series.Google Scholar
- 8.M. Hirt and K. Sako: Efficient Receipt-Free Voting based on Homomorphic Encryption, Proceedings of EuroCrypt 2000, Springer Verlag LNCS series, pp.539–556.Google Scholar
- 9.P. Pallier: Public-Key Cryptosystems based on Composite Degree Residue Classes, Proceedings of EuroCrypt 99, Springer Verlag LNCS series, pp.223–238.Google Scholar
- 10.V. Shoup: Practical Threshold Signatures, Proceedings of EuroCrypt 2000, Springer Verlag LNCS series, pp.207–220.Google Scholar
- 11.J. Bar-Ilan, and D. Beaver: Non-Cryptographic Fault-Tolerant Computing in a Constant Number of Rounds, Proceedings of the ACM Symposium on Principles of Distributed Computation, 1989, pp.201–209.Google Scholar