
Distributed Paillier Cryptosystem without Trusted Dealer

  • Takashi Nishide
  • Kouichi Sakurai
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6513)

Abstract

We propose a distributed key generation protocol for the threshold Paillier cryptosystem. Multiparty computation based on the threshold Paillier cryptosystem often assumes a trusted dealer that distributes the secret key shares, but such a dealer can be a single point of attack and is therefore undesirable. Building on the threshold Paillier cryptosystem with a trusted dealer, we show how to eliminate the trusted dealer through robust distributed key generation that does not use safe primes.

Keywords

  • Distributed Key Generation
  • Multiparty Computation
  • Secret Sharing
  • Threshold Paillier Cryptosystem



Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Takashi Nishide (1)
  • Kouichi Sakurai (1)
  1. Department of Informatics, Kyushu University, Fukuoka, Japan
