Verifiable Rotation of Homomorphic Encryptions
Similar to verifiable shuffling (mixing), we consider the problem of verifiable rotating a given list of homomorphic encryptions. The offset by which the list is rotated (cyclic shift) should remain hidden. Basically, we will present zero-knowledge proofs of knowledge of a rotation offset and re-encryption exponents, which define how the input list is transformed into the output list. We also briefly address various applications of verifiable rotation, ranging from ‘fragile mixing’ as introduced by Reiter and Wang at CCS’04 to applications in protocols for secure multiparty computation and voting.
We present two new, efficient protocols. Our first protocol is quite elegant and involves the use of the Discrete Fourier Transform (as well as the Fast Fourier Transform algorithm), and works under some reasonable conditions. We believe that this is the first time that Fourier Transforms are used to construct an efficient zero-knowledge proof of knowledge.
Our second protocol is more general (requiring no further conditions) and only slightly less efficient than the DFT-based protocol. Unlike the previously best protocol by Reiter and Wang, however, which relies on extensive use of verifiable shuffling as a building block (invoking it four times as a sub-protocol), our construction is direct and its performance is comparable to the performance of a single run of the best protocol for verifiable shuffling.
- 4.Cramer, R.: Modular Design of Secure yet Practical Cryptographic Protocols. PhD thesis, Universiteit van Amsterdam, Netherlands (1997)Google Scholar
- 6.Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
- 9.ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory IT-31, 469–472 (1985)Google Scholar
- 14.Groth, J.: Honest Verifier Zero-Knowledge Arguments Applied. PhD thesis, University of Aarhus (2004)Google Scholar
- 17.Li, J., Atallah, M.: Secure and private collaborative linear programming. Collaborative Computing: Networking, Applications and Worksharing, 2006. CollaborateCom 2006, pp. 1–8 (2006)Google Scholar
- 19.Neff, C.: A verifiable secret shuffle and its application to e-voting. In: 8th ACM conference on Computer and Communications Security – CCS 2001, pp. 116–125. ACM Press, New York (2001)Google Scholar
- 20.Reistad, T., Toft, T.: Secret sharing comparison by transformation and rotation. In: Pre-Proceedings of the International Conference on Information Theoretic Security–ICITS 2007. LNCS. Springer, Heidelberg (2007) (to appear)Google Scholar
- 21.Reiter, M.K., Wang, X.: Fragile mixing. In: CCS 2004: Proceedings of the 11th ACM conference on Computer and communications security, pp. 227–235. ACM Press, New York (2004)Google Scholar
- 22.Ryan, P.: Prêt-à-Voter with Paillier encryption, Technical Report CS-TR No 965, School of Computing Science, Newcastle University (2006), http://www.cs.ncl.ac.uk/publications/trs/papers/965.pdf
- 26.Wen, R., Buckland, R.: Mix and test counting for the alternative vote electoral system (2008); presented at WISSec 2008Google Scholar
- 27.Yao, A.: How to generate and exchange secrets. In: 27th IEEE Symposium on Foundations of Computer Science, pp. 162–168 (1986)Google Scholar