A Length-Flexible Threshold Cryptosystem with Applications

  • Ivan Damgård
  • Mads Jurik
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2727)


We propose a public-key cryptosystem which is derived from the Paillier cryptosystem. The scheme inherits the attractive homomorphic properties of Paillier encryption. In addition, we achieve two new properties. First, all users can use the same modulus when generating key pairs; this allows more efficient proofs of relations between different encryptions. Second, we can construct a threshold decryption protocol for our scheme that is length-flexible, i.e., it can efficiently handle messages of arbitrary length, even though the public key and the secret key shares held by decryption servers are of fixed size. We show how to apply this cryptosystem to build a self-tallying election scheme with perfect ballot secrecy, and to build a length-flexible mix-net which is universally verifiable, where the size of keys and ciphertexts does not depend on the number of mix servers, and which is robust against a corrupt minority.


Keywords: length-flexible, length-invariant, mix-net, group decryption, self-tallying election, perfect ballot secrecy





Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Ivan Damgård (1)
  • Mads Jurik (1)
  1. Dept. of Computer Science, BRICS, Aarhus University, Aarhus
