A Length-Flexible Threshold Cryptosystem with Applications
We propose a public-key cryptosystem derived from the Paillier cryptosystem. The scheme inherits the attractive homomorphic properties of Paillier encryption. In addition, we achieve two new properties. First, all users can use the same modulus when generating key pairs, which allows more efficient proofs of relations between different encryptions. Second, we can construct a threshold decryption protocol for our scheme that is length-flexible, i.e., it can efficiently handle messages of arbitrary length, even though the public key and the secret key shares held by the decryption servers are of fixed size. We show how to apply this cryptosystem to build a self-tallying election scheme with perfect ballot secrecy, and to build a length-flexible mix-net that is universally verifiable, in which the size of keys and ciphertexts does not depend on the number of mix servers, and that is robust against a corrupt minority.
Keywords: length-flexible length-invariant mix-net group decryption self-tallying election perfect ballot secrecy