Verifiable Rotation of Homomorphic Encryptions

  • Sebastiaan de Hoogh
  • Berry Schoenmakers
  • Boris Škorić
  • José Villegas
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5443)


Similar to verifiable shuffling (mixing), we consider the problem of verifiably rotating a given list of homomorphic encryptions. The offset by which the list is rotated (cyclic shift) should remain hidden. Concretely, we present zero-knowledge proofs of knowledge of a rotation offset and of re-encryption exponents, which together define how the input list is transformed into the output list. We also briefly address various applications of verifiable rotation, ranging from ‘fragile mixing’ as introduced by Reiter and Wang at CCS’04 to applications in protocols for secure multiparty computation and voting.
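The statement that such a proof of knowledge is about, as an added example that is not code from the paper: with ElGamal encryptions X_0, ..., X_{n-1} as input, the prover publishes Y_i = X_{(i - r) mod n} · Enc(1; s_i), a cyclic shift by a secret offset r combined with re-encryption under fresh exponents s_i, so the shift cannot be read off the ciphertexts. The paper's zero-knowledge proof convinces a verifier that some witness (r, s_0, ..., s_{n-1}) exists without revealing it; only that witness relation is implemented here, not the proof. The group parameters (a 2039-element toy group), the function names and the sample messages are constructed for this example.

```python
# Added example (not code from the paper): the witness relation behind a
# verifiable rotation of ElGamal encryptions.  The prover's output is
# Y_i = X_{(i - r) mod n} * Enc(1; s_i); check_rotation_witness() recomputes
# exactly what a proof of knowledge of (r, s_0..s_{n-1}) asserts.
import secrets

# Constructed toy group (assumption, far too small for real use): p = 2q + 1 is a
# safe prime and G = 4 generates the order-q subgroup of quadratic residues.
Q = 1019
P = 2 * Q + 1          # 2039
G = 4


def keygen(x):
    """Public key h = G^x for a secret key x in Z_q."""
    return pow(G, x, P)


def encrypt(h, m, s):
    """ElGamal encryption of the group element m with randomness s: (G^s, m*h^s)."""
    return (pow(G, s, P), (m * pow(h, s, P)) % P)


def decrypt(x, ct):
    """Recover m = b * a^(-x); a^(-x) is computed as a^(p-1-x) via Fermat."""
    a, b = ct
    return (b * pow(a, P - 1 - x, P)) % P


def mul(ct1, ct2):
    """Homomorphic product: Enc(m1; s1) * Enc(m2; s2) = Enc(m1*m2; s1+s2)."""
    return ((ct1[0] * ct2[0]) % P, (ct1[1] * ct2[1]) % P)


def reencrypt(h, ct, s):
    """Multiply by an encryption of 1: same plaintext, fresh randomness."""
    return mul(ct, encrypt(h, 1, s))


def rotate_list(items, r):
    """Cyclic shift by r: output position i holds input position (i - r) mod n."""
    n = len(items)
    return [items[(i - r) % n] for i in range(n)]


def rotate_reencrypt(h, cts, r, exps):
    """Prover's transformation: shift the ciphertexts by r, then re-encrypt
    output position i with exponent exps[i]."""
    return [reencrypt(h, ct, s) for ct, s in zip(rotate_list(cts, r), exps)]


def check_rotation_witness(h, xs, ys, r, exps):
    """What the proof of knowledge asserts: recomputing the transformation from
    the claimed witness (r, exps) reproduces the published output list ys."""
    return len(ys) == len(xs) == len(exps) and ys == rotate_reencrypt(h, xs, r, exps)


def demo(n=5):
    """Honest run with random key, randomness, offset and re-encryption exponents."""
    x = secrets.randbelow(Q - 1) + 1
    h = keygen(x)
    msgs = [pow(G, k, P) for k in range(1, n + 1)]      # plaintexts inside the subgroup
    xs = [encrypt(h, m, secrets.randbelow(Q)) for m in msgs]
    r = secrets.randbelow(n)
    exps = [secrets.randbelow(Q) for _ in range(n)]
    ys = rotate_reencrypt(h, xs, r, exps)
    # The verifier never sees r or exps.  Only the key holder can confirm, by
    # decrypting, that the outputs are the input plaintexts shifted by r.
    return {
        "witness_checks": check_rotation_witness(h, xs, ys, r, exps),
        "plaintexts_rotated": [decrypt(x, y) for y in ys] == rotate_list(msgs, r),
        "offset": r,
    }


if __name__ == "__main__":
    print(demo())
```

The `check_rotation_witness` step is what the verifier cannot do on its own, since it has neither r nor the exponents; the protocols in the paper replace that recomputation with a zero-knowledge argument, and the hiding of r rests on the re-encryption, since a plain shift without fresh exponents would expose the offset by simple ciphertext comparison.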

We present two new, efficient protocols. Our first protocol is quite elegant and involves the use of the Discrete Fourier Transform (as well as the Fast Fourier Transform algorithm), and works under some reasonable conditions. We believe that this is the first time that Fourier Transforms are used to construct an efficient zero-knowledge proof of knowledge.
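The algebraic fact that makes a Fourier transform a natural handle on a hidden cyclic shift, as an added illustration that is not the paper's protocol: over Z_q with an element ω of exact multiplicative order n (which requires n | q - 1; that such a root of unity exists is an assumption of this example, and conditions of this kind are what a DFT-based construction needs), rotating a length-n vector by r multiplies its k-th DFT coefficient by ω^{rk}. The block below checks this shift property against a naive DFT and a radix-2 FFT over Z_q; the field (q = 97), n = 8 and the sample vector are constructed for the example.

```python
# Added example (not the paper's protocol): the DFT shift property over Z_q.
# With omega of exact order n, DFT(rotate(x, r))_k = omega^(r*k) * DFT(x)_k,
# so a cyclic shift in the "time" domain becomes a coefficient-wise twist in
# the "frequency" domain.  An FFT over Z_q is included for the O(n log n) path.

Q = 97      # constructed prime field (assumption): q - 1 = 96 = 2^5 * 3, so 8 | q - 1
N = 8


def root_of_unity(q, n):
    """Return an element of exact multiplicative order n in Z_q (needs n | q - 1)."""
    if (q - 1) % n:
        raise ValueError("n must divide q - 1 for an n-th root of unity to exist")
    for g in range(2, q):
        w = pow(g, (q - 1) // n, q)                 # order of w divides n
        if all(pow(w, k, q) != 1 for k in range(1, n)):
            return w                                # order is exactly n
    raise ValueError("no element of order n found")  # unreachable for prime q


def dft(vec, w, q):
    """Naive O(n^2) DFT over Z_q: X_k = sum_j x_j * w^(j*k)."""
    n = len(vec)
    return [sum(vec[j] * pow(w, j * k, q) for j in range(n)) % q for k in range(n)]


def inverse_dft(coeffs, w, q):
    """x_j = n^(-1) * sum_k X_k * w^(-j*k); inverses via Fermat's little theorem."""
    n = len(coeffs)
    n_inv, w_inv = pow(n, q - 2, q), pow(w, q - 2, q)
    return [(n_inv * sum(coeffs[k] * pow(w_inv, j * k, q) for k in range(n))) % q
            for j in range(n)]


def fft(vec, w, q):
    """Radix-2 Cooley-Tukey FFT over Z_q.  len(vec) must be a power of two and
    w an exact len(vec)-th root of unity, so that w^(n/2) = -1 in Z_q."""
    n = len(vec)
    if n == 1:
        return list(vec)
    half = n // 2
    w2 = (w * w) % q                                # exact (n/2)-th root of unity
    even, odd = fft(vec[0::2], w2, q), fft(vec[1::2], w2, q)
    out, twiddle = [0] * n, 1
    for k in range(half):
        t = (twiddle * odd[k]) % q
        out[k] = (even[k] + t) % q
        out[k + half] = (even[k] - t) % q
        twiddle = (twiddle * w) % q
    return out


def rotate(vec, r):
    """Cyclic shift: y_i = x_{(i - r) mod n}."""
    n = len(vec)
    return [vec[(i - r) % n] for i in range(n)]


def shift_in_frequency_domain(coeffs, r, w, q):
    """Rotation by r expressed on DFT coefficients: Y_k = w^(r*k) * X_k."""
    return [(c * pow(w, r * k, q)) % q for k, c in enumerate(coeffs)]


def rotation_commutes_with_dft(vec, r, w, q):
    """True iff DFT(rotate(vec, r)) equals the twisted coefficients of DFT(vec)."""
    return dft(rotate(vec, r), w, q) == shift_in_frequency_domain(dft(vec, w, q), r, w, q)


if __name__ == "__main__":
    w = root_of_unity(Q, N)
    x = [3, 1, 4, 1, 5, 9, 2, 6]
    print("omega =", w, "| shift property holds for every r:",
          all(rotation_commutes_with_dft(x, r, w, Q) for r in range(N)))
```

The point for a rotation proof is that, after the transform, a shift by r is no longer a permutation but a fixed, publicly computable pattern ω^{rk} applied to each coefficient, which is the kind of structure discrete-log style proofs of knowledge handle well; how the paper exploits it in the encrypted setting is in the full text, not in this example.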

Our second protocol is more general (requiring no further conditions) and only slightly less efficient than the DFT-based protocol. Unlike the previously best protocol, by Reiter and Wang, which relies on verifiable shuffling as a building block (invoking it four times as a sub-protocol), our construction is direct, and its performance is comparable to that of a single run of the best protocol for verifiable shuffling.


References

  1. Atallah, M.J., Blanton, M., Frikken, K.B., Li, J.: Efficient correlated action selection. In: Di Crescenzo, G., Rubin, A. (eds.) FC 2006. LNCS, vol. 4107, pp. 296–310. Springer, Heidelberg (2006)
  2. Blake, I., Kolesnikov, V.: Strong conditional oblivious transfer and computing on intervals. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 515–529. Springer, Heidelberg (2004)
  3. Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24(2), 84–88 (1981)
  4. Cramer, R.: Modular Design of Secure yet Practical Cryptographic Protocols. PhD thesis, Universiteit van Amsterdam, Netherlands (1997)
  5. Cramer, R., Damgård, I.: Zero-knowledge for finite field arithmetic. Or: Can zero-knowledge be for free? In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 424–441. Springer, Heidelberg (1998)
  6. Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)
  7. Damgård, I., Fujisaki, E.: Efficient concurrent zero-knowledge in the auxiliary string model. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 125–142. Springer, Heidelberg (2002)
  8. Damgård, I., Geisler, M., Krøigaard, M.: Efficient and secure comparison for on-line auctions. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 416–430. Springer, Heidelberg (2007)
  9. ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory IT-31, 469–472 (1985)
  10. Garay, J., Schoenmakers, B., Villegas, J.: Practical and secure solutions for integer comparison. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 330–342. Springer, Heidelberg (2007)
  11. Goldreich, O.: Foundations of Cryptography. Cambridge University Press, Cambridge (2001)
  12. Groth, J.: A verifiable secret shuffle of homomorphic encryptions. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 145–160. Springer, Heidelberg (2002)
  13. Groth, J.: Evaluating security of voting schemes in the universal composability framework. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 46–60. Springer, Heidelberg (2004)
  14. Groth, J.: Honest Verifier Zero-Knowledge Arguments Applied. PhD thesis, University of Aarhus (2004)
  15. Groth, J., Ishai, Y.: Sub-linear zero-knowledge argument for correctness of a shuffle. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 379–396. Springer, Heidelberg (2008)
  16. Jakobsson, M., Juels, A.: Mix and match: Secure function evaluation via ciphertexts. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 162–177. Springer, Heidelberg (2000)
  17. Li, J., Atallah, M.: Secure and private collaborative linear programming. In: Collaborative Computing: Networking, Applications and Worksharing – CollaborateCom 2006, pp. 1–8 (2006)
  18. Lindell, Y.: Parallel coin-tossing and constant-round secure two-party computation. Journal of Cryptology 16(3), 143–184 (2001)
  19. Neff, C.: A verifiable secret shuffle and its application to e-voting. In: 8th ACM Conference on Computer and Communications Security – CCS 2001, pp. 116–125. ACM Press, New York (2001)
  20. Reistad, T., Toft, T.: Secret sharing comparison by transformation and rotation. In: Pre-Proceedings of the International Conference on Information Theoretic Security – ICITS 2007. LNCS. Springer, Heidelberg (2007) (to appear)
  21. Reiter, M.K., Wang, X.: Fragile mixing. In: CCS 2004: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 227–235. ACM Press, New York (2004)
  22. Ryan, P.: Prêt-à-Voter with Paillier encryption. Technical Report CS-TR No 965, School of Computing Science, Newcastle University (2006)
  23. Ryan, P., Schneider, F.: Prêt-à-Voter with re-encryption mixes. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 313–326. Springer, Heidelberg (2006)
  24. Sako, K., Kilian, J.: Receipt-free mix-type voting scheme. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 393–403. Springer, Heidelberg (1995)
  25. Straus, E.: Addition chains of vectors (problem 5125). American Mathematical Monthly 71, 806–808 (1964)
  26. Wen, R., Buckland, R.: Mix and test counting for the alternative vote electoral system (2008); presented at WISSec 2008
  27. Yao, A.: How to generate and exchange secrets. In: 27th IEEE Symposium on Foundations of Computer Science, pp. 162–168 (1986)

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Sebastiaan de Hoogh (1)
  • Berry Schoenmakers (1)
  • Boris Škorić (1)
  • José Villegas (1)
  1. Dept. of Mathematics and Computer Science, TU Eindhoven, Eindhoven, The Netherlands