Universal Custodian-Hiding Verifiable Encryption for Discrete Logarithms

  • Joseph K. Liu
  • Patrick P. Tsang
  • Duncan S. Wong
  • Robert W. Zhu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3935)


We introduce the notion of Universal Custodian-Hiding Verifiable Encryption (UCH-VE) and propose a scheme of this type for discrete logarithms. A UCH-VE scheme allows an encryptor to designate t out of a group of n users and prepare a publicly verifiable ciphertext in such a way that any k of these t designated users can recover the message. The values of k and t are set arbitrarily by the encryptor. The anonymity of these t designated users will also be preserved. The UCH-VE scheme captures the notions of various types of verifiable encryption schemes that include conventional one-decryptor type, conventional threshold type, designated-1-out-of-n custodian-hiding type and designated group custodian-hiding type. On efficiency, the new scheme avoids using inefficient cut-and-choose proofs and compares favourably with the state-of-the-art verifiable encryption schemes for discrete logarithms.


Keywords (added by machine and not by the authors): Encryption Scheme; Discrete Logarithm; Message Space; Decryption Oracle; Real Transcript





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Joseph K. Liu (1)
  • Patrick P. Tsang (2)
  • Duncan S. Wong (3)
  • Robert W. Zhu (3)

  1. Department of Computer Science, University of Bristol, Bristol, UK
  2. Department of Computer Science, Dartmouth College, Hanover, USA
  3. Department of Computer Science, City University of Hong Kong, Hong Kong, China
