A Simple Publicly Verifiable Secret Sharing Scheme and Its Application to Electronic Voting

  • Berry Schoenmakers
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1666)

Abstract

A publicly verifiable secret sharing (PVSS) scheme is a verifiable secret sharing scheme with the property that the validity of the shares distributed by the dealer can be verified by any party; hence verification is not limited to the respective participants receiving the shares. We present a new construction for PVSS schemes, which compared to previous solutions by Stadler and later by Fujisaki and Okamoto, achieves improvements both in efficiency and in the type of intractability assumptions. The running time is O(nk), where k is a security parameter, and n is the number of participants, hence essentially optimal. The intractability assumptions are the standard Diffie-Hellman assumption and its decisional variant. We present several applications of our PVSS scheme, among which is a new type of universally verifiable election scheme based on PVSS. The election scheme becomes quite practical and combines several advantages of related electronic voting schemes, which makes it of interest in its own right.
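As an added illustration of the scheme the abstract summarises (this is not code from the paper), a toy Python implementation of the Schoenmakers PVSS construction: Shamir shares are encrypted under each participant's public key, and the dealer publishes commitments to the sharing polynomial together with non-interactive Chaum-Pedersen DLEQ proofs, so that any party, not only a share recipient, can check the encrypted shares; share release is verified the same way and the secret is recovered by Lagrange interpolation in the exponent. The group parameters, keys and function names are constructed for this example, and the group is far too small for real use.

```python
import hashlib, math, random
# Constructed toy parameters, far too small for real use: p = 2q + 1 with p, q prime,
# g and G independent generators of the order-q subgroup of Z_p^* (both are squares mod p).
Q, P = 1019, 2 * 1019 + 1
g, G = pow(2, 2, P), pow(3, 2, P)

def challenge(pairs, commits):
    # Fiat-Shamir: one challenge binds every (g1, h1, g2, h2) tuple and its commitments
    return int(hashlib.sha256(repr((pairs, commits)).encode()).hexdigest(), 16)

def dleq_prove(pairs, alphas):
    """Chaum-Pedersen proof that log_g1(h1) == log_g2(h2) == alpha for each (g1, h1, g2, h2)."""
    ws = [random.randrange(1, Q) for _ in alphas]
    commits = [(pow(g1, w, P), pow(g2, w, P)) for (g1, _, g2, _), w in zip(pairs, ws)]
    c = challenge(pairs, commits)
    return c, [(w - a * c) % Q for w, a in zip(ws, alphas)]

def dleq_verify(pairs, proof):
    c, rs = proof
    commits = [(pow(g1, r, P) * pow(h1, c, P) % P, pow(g2, r, P) * pow(h2, c, P) % P)
               for (g1, h1, g2, h2), r in zip(pairs, rs)]
    return c == challenge(pairs, commits)

def deal(secret, pubkeys, t):
    """Dealer: t-of-n sharing of G^secret; everything returned goes on the public bulletin board."""
    coeffs = [secret % Q] + [random.randrange(Q) for _ in range(t - 1)]
    shares = [sum(a * pow(i, j, Q) for j, a in enumerate(coeffs)) % Q for i in range(1, len(pubkeys) + 1)]
    C = [pow(g, a, P) for a in coeffs]                   # commitments to the polynomial coefficients
    Y = [pow(y, s, P) for y, s in zip(pubkeys, shares)]  # share p(i) encrypted under participant key y_i
    X = [pow(g, s, P) for s in shares]
    return C, Y, dleq_prove([(g, Xi, y, Yi) for Xi, y, Yi in zip(X, pubkeys, Y)], shares)

def verify_deal(C, Y, proof, pubkeys):
    """Anyone can run this: X_i = prod_j C_j^(i^j) is recomputed from the commitments alone."""
    X = [math.prod(pow(Cj, pow(i, j, Q), P) for j, Cj in enumerate(C)) % P for i in range(1, len(pubkeys) + 1)]
    return dleq_verify([(g, Xi, y, Yi) for Xi, y, Yi in zip(X, pubkeys, Y)], proof)

def release_share(i, x, y, Y):
    """Participant i publishes S_i = Y_i^(1/x_i) = G^p(i) plus a proof of correct decryption."""
    S = pow(Y[i - 1], pow(x, -1, Q), P)
    return S, dleq_prove([(G, y, S, Y[i - 1])], [x])

def reconstruct(released):
    """Lagrange interpolation in the exponent over any t released shares {i: S_i} gives G^secret."""
    result = 1
    for i, S in released.items():
        lam = math.prod(j * pow(j - i, -1, Q) for j in released if j != i) % Q
        result = result * pow(S, lam, P) % P
    return result
```

The verifier of a release proof checks `dleq_verify([(G, y_i, S_i, Y_i)], proof)` against the public key and encrypted share already on the bulletin board, so a participant cannot substitute a wrong decryption unnoticed.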

References

  1. Ben87a.
    J. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In Advances in Cryptology—CRYPTO’ 86, volume 263 of Lecture Notes in Computer Science, pages 251–260, Berlin, 1987. Springer-Verlag.
  2. Ben87b.
    J. Benaloh. Verifiable Secret-Ballot Elections. PhD thesis, Yale University, Department of Computer Science, New Haven, CT, September 1987.
  3. Bla79.
    G.R. Blakley. Safeguarding cryptographic keys. In Proceedings of the National Computer Conference 1979, volume 48 of AFIPS Conference Proceedings, pages 313–317, 1979.
  4. Bri89.
    E. F. Brickell. Some ideal secret sharing schemes. Journal of Combinatorial Mathematics and Combinatorial Computing, 9:105–113, 1989.
  5. BY86.
    J. Benaloh and M. Yung. Distributing the power of a government to enhance the privacy of voters. In Proc. 5th ACM Symposium on Principles of Distributed Computing (PODC’ 86), pages 52–62, New York, 1986. A.C.M.
  6. CDM99.
    R. Cramer, I. Damgård, and U. Maurer. General secure multi-party computation from any linear secret sharing scheme, 1999. Manuscript.
  7. CDS94.
    R. Cramer, I. Damgård, and B. Schoenmakers. Proofs of partial knowledge and simplified design of witness hiding protocols. In Advances in Cryptology—CRYPTO’ 94, volume 839 of Lecture Notes in Computer Science, pages 174–187, Berlin, 1994. Springer-Verlag.
  8. CF85.
    J. Cohen and M. Fischer. A robust and verifiable cryptographically secure election scheme. In Proc. 26th IEEE Symposium on Foundations of Computer Science (FOCS’ 85), pages 372–382. IEEE Computer Society, 1985.
  9. CFSY96.
    R. Cramer, M. Franklin, B. Schoenmakers, and M. Yung. Multi-authority secret ballot elections with linear work. In Advances in Cryptology—EUROCRYPT’ 96, volume 1070 of Lecture Notes in Computer Science, pages 72–83, Berlin, 1996. Springer-Verlag.
  10. CGMA85.
    B. Chor, S. Goldwasser, S. Micali, and B. Awerbuch. Verifiable secret sharing and achieving simultaneity in the presence of faults. In Proc. 26th IEEE Symposium on Foundations of Computer Science (FOCS’ 85), pages 383–395. IEEE Computer Society, 1985.
  11. CGS97.
    R. Cramer, R. Gennaro, and B. Schoenmakers. A secure and optimally efficient multi-authority election scheme. In Advances in Cryptology—EUROCRYPT’ 97, volume 1233 of Lecture Notes in Computer Science, pages 103–118, Berlin, 1997. Springer-Verlag.
  12. CMS96.
    J. Camenisch, U. Maurer, and M. Stadler. Digital payment systems with passive anonymity-revoking trustees. In Computer Security—ESORICS 96, volume 1146 of Lecture Notes in Computer Science, pages 33–43, Berlin, 1996. Springer-Verlag.
  13. CP93.
    D. Chaum and T. P. Pedersen. Transferred cash grows in size. In Advances in Cryptology—EUROCRYPT’ 92, volume 658 of Lecture Notes in Computer Science, pages 390–407, Berlin, 1993. Springer-Verlag.
  14. Fel87.
    P. Feldman. A practical scheme for non-interactive verifiable secret sharing. In Proc. 28th IEEE Symposium on Foundations of Computer Science (FOCS’ 87), pages 427–437. IEEE Computer Society, 1987.
  15. FO98.
    E. Fujisaki and T. Okamoto. A practical and provably secure scheme for publicly verifiable secret sharing and its applications. In Advances in Cryptology—EUROCRYPT’ 98, volume 1403 of Lecture Notes in Computer Science, pages 32–46, Berlin, 1998. Springer-Verlag.
  16. FTY96.
    Y. Frankel, Y. Tsiounis, and M. Yung. “Indirect discourse proofs”: Achieving efficient fair off-line e-cash. In Advances in Cryptology—ASIACRYPT’ 96, volume 1163 of Lecture Notes in Computer Science, pages 286–300, Berlin, 1996. Springer-Verlag.
  17. GJKR99.
    R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin. Secure distributed key generation for discrete-log based cryptosystems. In Advances in Cryptology—EUROCRYPT’ 99, volume 1592 of Lecture Notes in Computer Science, pages 295–310, Berlin, 1999. Springer-Verlag.
  18. KW93.
    M. Karchmer and A. Wigderson. On span programs. In Proceedings of the Eighth Annual Structure in Complexity Theory Conference, pages 102–111. IEEE Computer Society Press, 1993.
  19. Ped91.
    T. Pedersen. A threshold cryptosystem without a trusted party. In Advances in Cryptology—EUROCRYPT’ 91, volume 547 of Lecture Notes in Computer Science, pages 522–526, Berlin, 1991. Springer-Verlag.
  20. Ped92a.
    T. P. Pedersen. Distributed Provers and Verifiable Secret Sharing Based on the Discrete Logarithm Problem. PhD thesis, Aarhus University, Computer Science Department, Aarhus, Denmark, March 1992.
  21. Ped92b.
    T. P. Pedersen. Non-interactive and information-theoretic secure verifiable secret sharing. In Advances in Cryptology—CRYPTO’ 91, volume 576 of Lecture Notes in Computer Science, pages 129–140, Berlin, 1992. Springer-Verlag.
  22. PW98.
    B. Pfitzmann and M. Waidner. How to break fraud-detectable key recovery. Operating Systems Review, 32(1):23–28, 1998.
  23. Sha79.
    A. Shamir. How to share a secret. Communications of the ACM, 22(11):612–613, 1979.
  24. Sta96.
    M. Stadler. Publicly verifiable secret sharing. In Advances in Cryptology—EUROCRYPT’ 96, volume 1070 of Lecture Notes in Computer Science, pages 190–199, Berlin, 1996. Springer-Verlag.
  25. VT97.
    E. Verheul and H. van Tilborg. Binding ElGamal: A fraud-detectable alternative to key-escrow proposals. In Advances in Cryptology—EUROCRYPT’ 97, volume 1233 of Lecture Notes in Computer Science, pages 119–133, Berlin, 1997. Springer-Verlag.
  26. YY98.
    A. Young and M. Yung. Auto-recoverable auto-certifiable cryptosystems. In Advances in Cryptology—EUROCRYPT’ 98, volume 1403 of Lecture Notes in Computer Science, pages 17–31, Berlin, 1998. Springer-Verlag.

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Berry Schoenmakers
    Department of Mathematics and Computing Science, Eindhoven University of Technology, Eindhoven, The Netherlands