Sharing Decryption in the Context of Voting or Lotteries

  • Pierre-Alain Fouque
  • Guillaume Poupard
  • Jacques Stern
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1962)


Several public key cryptosystems with additional homomorphic properties have been proposed so far. They allow to perform computation with encrypted data without the knowledge of any secret information In many applications, the ability to perform decryption, i.e. the knowledge of the secret key, gives a huge power. A classical way to reduce the trust in such a secret owner, and consequently to increase the security, is to share the secret between many entities in such a way that cooperation between them is necessary to decrypt. In this paper, we propose a distributed version of the Paillier cryptosystem presented at Eurocrypt ’99. This shared scheme can for example be used in an electronic voting scheme or in a lottery where a random number related to the winning ticket has to be jointly chosen by all participants.


Secret Information Encrypt Data Electronic Vote Homomorphic Property Paillier Cryptosystem 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    J. Benaloh. Verifiable Secret-Ballot Elections. PhD thesis, Yale University, 1987.Google Scholar
  2. 2.
    J. Camenisch and M. Michels. A Group Signature Scheme with Improved Efficiency. In Asiacrypt’ 98, LNCS 1514. Springer-Verlag, 1998.Google Scholar
  3. 3.
    D. Chaum and T. P. Pedersen. Wallet Databases with Observers. In Crypto’ 92, LNCS 740, pages 89–105. Springer-Verlag, 1992.Google Scholar
  4. 4.
    J. Cohen and M. Fisher. A robust and verifiable cryptographically secure election scheme. In Symposium on Foundations of Computer Science. IEEE, 1985.Google Scholar
  5. 5.
    R. Cramer, R. Gennaro, and B. Schoenmakers. A Secure and Optimally Efficient Multi-Authority Election Scheme. In Eurocrypt’ 97, LNCS 1233, pages 113–118. Springer-Verlag, 1997.Google Scholar
  6. 6.
    Y. Desmedt and Y. Frankel. Parallel reliable threshold multisignature. Technical report, Department of E.E. and C.S. University of Wisconsin-Milwaukee, April 1992. TR-92-04-02.Google Scholar
  7. 7.
    Y. Frankel, P. Gemmel, Ph. MacKenzie, and M. Yung. Optimal-Resilience Proactive Public-Key Cryptosystems. In Proc. 38th FOCS, pages 384–393. IEEE, 1997.Google Scholar
  8. 8.
    R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin. Robust and efficient sharing of RSA functions. In Crypto’ 96, LNCS 1109, pages 157–172. Springer-Verlag, 1996.Google Scholar
  9. 9.
    R. Gennaro and V. Shoup. Securing Threshold Cryptosystems against Chosen Ciphertext Attack. In Eurocrypt’ 98, LNCS 1403, pages 1–16. Springer-Verlag, 1998.Google Scholar
  10. 10.
    D.M. Goldschlag and S.G. Stubblebine. Publicly Verifiable Lotterie: Applications of Delaying Functions. In Financial Crypto’ 98, LNCS 1465, pages 214–226. Springer-Verlag, 1998.CrossRefGoogle Scholar
  11. 11.
    S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28, 1984.Google Scholar
  12. 12.
    D. Naccache and J. Stern. A New Public Key Cryptosystem Based on Higher Residues. In Proc. of the 5th CCCS. ACM press, 1998.Google Scholar
  13. 13.
    T. Okamoto and S. Uchiyama. A New Public-Key Cryptosystem as Secure as Factoring. In Eurocrypt’ 98, LNCS 1403, pages 308–318. Springer-Verlag, 1998.CrossRefGoogle Scholar
  14. 14.
    P. Paillier. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In Eurocrypt’ 99, LNCS 1592, pages 223–238. Springer-Verlag, 1999.Google Scholar
  15. 15.
    G. Poupard and J. Stern. Security Analysis of a Practical “on the fly” Authentication and Signature Generation. In Eurocrypt’ 98, LNCS 1403, pages 422–436. Springer-Verlag, 1998.CrossRefGoogle Scholar
  16. 16.
    T. Rabin. A Simplified Approach to Threshold and Proactive RSA. In Crypto’ 98, LNCS 1462, pages 89–104. Springer-Verlag, 1998.Google Scholar
  17. 17.
    R.L. Rivest, A. Shamir, and L.M. Adleman. A method for obtaining digital signatures and public-key cryptosystem. Communications of the ACM, 21(2):120–126, 1978.zbMATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    A. De Santis, Y. Desmedt, Y. Prankel, and M. Yung. How to share a function securely. In Proceedings of the 26th ACM Symposium on the Theory of Computing, pages 522–523. ACM, 1994.Google Scholar
  19. 19.
    C. P. Schnorr. Efficient Identification and Signatures for Smart Cards. In Crypto’ 89, LNCS 435, pages 235–251. Springer-Verlag, 1990.Google Scholar
  20. 20.
    A. Shamir. How to Share a Secret. Communications of the ACM, 22:612–613, Nov. 1979.Google Scholar
  21. 21.
    V. Shoup. Practical Threshold Signatures. Technical report, IBM, 1999. IBM Research Report RZ 3121.Google Scholar
  22. 22.
    S. Vanstone and R. Zuccherato. Elliptic Curve Cryptosystem Using Curves of Smooth Order Over the Ring Zn. IEEE Transaction on Information Theory, IT-43, 1997.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Pierre-Alain Fouque
    • 1
  • Guillaume Poupard
    • 1
  • Jacques Stern
    • 1
  1. 1.Laboratoire d’informatiqueÉcole Normale SupérieureParis

Personalised recommendations