Universal Custodian-Hiding Verifiable Encryption for Discrete Logarithms

We introduce the notion of Universal Custodian-Hiding Verifiable Encryption (UCH-VE) and propose a scheme of this type for discrete logarithms. A UCH-VE scheme allows an encryptor to designate t out of a group of n users and prepare a publicly verifiable ciphertext in such a way that any k of these t designated users can recover the message. The values of k and t are set arbitrarily by the encryptor. The anonymity of these t designated users will also be preserved. The UCH-VE scheme captures the notions of various types of verifiable encryption schemes that include conventional one-decryptor type, conventional threshold type, designated-1-out-of-n custodian-hiding type and designated group custodian-hiding type. On efficiency, the new scheme avoids using inefficient cut-and-choose proofs and compares favourably with the state-of-the-art verifiable encryption schemes for discrete logarithms.

[1]  Joseph K. Liu,et al.  Custodian-Hiding Verifiable Encryption , 2004, WISA.

[2]  Jan Camenisch,et al.  Practical Verifiable Encryption and Decryption of Discrete Logarithms , 2003, CRYPTO.

[3]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[4]  Mihir Bellare,et al.  Key-Privacy in Public-Key Encryption , 2001, ASIACRYPT.

[5]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[6]  Rosario Gennaro,et al.  Securing Threshold Cryptosystems against Chosen Ciphertext Attack , 1998, Journal of Cryptology.

[7]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[8]  Ran Canetti,et al.  An Efficient Threshold Public Key Cryptosystem Secure Against Adaptive Chosen Ciphertext Attack , 1999, EUROCRYPT.

[9]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[10]  Markus Stadler,et al.  Publicly Verifiable Secret Sharing , 1996, EUROCRYPT.

[11]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[12]  Feng Bao An Efficient Verifiable Encryption Scheme for Encryption of Discrete Logarithms , 1998, CARDIS.

[13]  Ivan Damgård,et al.  Verifiable Encryption, Group Encryption, and Their Applications to Separable Group Signatures and Signature Sharing Schemes , 2000, ASIACRYPT.

[14]  N. Asokan,et al.  Optimistic fair exchange of digital signatures , 1998, IEEE Journal on Selected Areas in Communications.