A Length-Flexible Threshold Cryptosystem with Applications

We propose a public-key cryptosystem derived from the Paillier cryptosystem. The scheme inherits the attractive homomorphic properties of Paillier encryption and adds two new ones. First, all users can use the same modulus when generating key pairs, which allows more efficient proofs of relations between encryptions produced under different keys. Second, we can construct a threshold decryption protocol for the scheme that is length-flexible: it handles messages of arbitrary length efficiently, even though the public key and the secret key shares held by the decryption servers are of fixed size. We show how to apply this cryptosystem to build a self-tallying election scheme with perfect ballot secrecy, and a length-flexible mix-net that is universally verifiable, in which the size of keys and ciphertexts does not depend on the number of mix servers, and which is robust against a corrupt minority of the mix servers.
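The following Python block is an added illustration written for this page, not code from the paper. It models the structure the abstract describes: a Paillier-style encoding (1+n)^m in Z*_{n^(s+1)} where s is chosen per message, a fixed-size secret key x with h = g^x mod n that works for every s because u^(n^s) mod n^(s+1) depends only on u mod n, several users drawing keys under the same modulus N, homomorphic addition, and threshold decryption from Shamir shares of x recombined with Shoup's integer-Lagrange trick (Delta = ell!). It is not the paper's exact scheme: it omits the zero-knowledge proofs of correct partial decryption, the randomness ranges and parameter sizes a security proof requires, and uses constructed toy primes so it runs instantly. The names keygen, encrypt, dlog_1pn, decrypt, add, share_key, partial_decrypt and combine are this example's own.

```python
import math
import secrets

# Constructed toy modulus: two ~20-bit primes so the block runs instantly.
# Real parameters would be ~1024-bit primes; these give no security at all.
P, Q = 1000003, 1000033
N = P * Q
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)  # exponent of Z_N^*, dealer-only
G_BASE = 2                                          # public base in Z_N^*, shared by all


def keygen():
    """Fixed-size key pair: pk = (N, g, h = g^x mod N), sk = x, all users under one N."""
    x = secrets.randbelow(LAM)
    return (N, G_BASE, pow(G_BASE, x, N)), x


def encrypt(pk, m, s, r=None):
    """Encrypt m in Z_{N^s}; s is chosen per message, the key never changes."""
    n, g, h = pk
    ns1 = n ** (s + 1)
    if not 0 <= m < n ** s:
        raise ValueError("message does not fit in Z_{n^s}; raise s")
    r = secrets.randbelow(n) if r is None else r
    big_g = pow(g, r, ns1)
    # u^(n^s) mod n^(s+1) depends only on u mod n, so h (known mod n) is enough
    # even though the ciphertext lives mod n^(s+1).
    big_h = pow(pow(h, r, ns1), n ** s, ns1) * pow(1 + n, m, ns1) % ns1
    return s, big_g, big_h


def dlog_1pn(a, n, s):
    """Damgard-Jurik iterative L function: return i with a = (1+n)^i mod n^(s+1)."""
    i = 0
    for j in range(1, s + 1):
        nj = n ** j
        t1 = (a % (n ** (j + 1)) - 1) // n      # exact division: a = 1 mod n
        t2 = i                                  # i mod n^(j-1) from the last round
        for k in range(2, j + 1):               # strip the C(i,k) n^(k-1) terms
            i -= 1
            t2 = t2 * i % nj
            t1 = (t1 - t2 * n ** (k - 1) * pow(math.factorial(k), -1, nj)) % nj
        i = t1
    return i


def decrypt(pk, sk, ct):
    """Single-key decryption: strip (h^r)^(n^s) then take the (1+n)-logarithm."""
    n = pk[0]
    s, big_g, big_h = ct
    ns1 = n ** (s + 1)
    mask = pow(pow(big_g, sk, ns1), n ** s, ns1)
    return dlog_1pn(big_h * pow(mask, -1, ns1) % ns1, n, s)


def add(pk, ct1, ct2):
    """Homomorphic addition: componentwise product decrypts to m1 + m2 mod N^s."""
    n = pk[0]
    s, g1, h1 = ct1
    s2, g2, h2 = ct2
    if s != s2:
        raise ValueError("ciphertexts must use the same s")
    ns1 = n ** (s + 1)
    return s, g1 * g2 % ns1, h1 * h2 % ns1


def share_key(sk, t, ell):
    """Dealer: Shamir-share x over Z_LAM; shares are fixed-size whatever s is used."""
    coeffs = [sk] + [secrets.randbelow(LAM) for _ in range(t - 1)]
    return [(i, sum(c * i ** k for k, c in enumerate(coeffs)) % LAM)
            for i in range(1, ell + 1)]


def partial_decrypt(ct, share):
    """Server i publishes G^{x_i} (the real protocol adds a proof of correctness)."""
    s, big_g, _ = ct
    i, x_i = share
    return i, pow(big_g, x_i, N ** (s + 1))


def combine(pk, ct, partials, ell):
    """Recombine >= t partials; Delta = ell! makes every Lagrange coefficient an
    integer, so no inverse modulo the (unknown) group order is ever needed."""
    n = pk[0]
    s, _, big_h = ct
    ns1, ns = n ** (s + 1), n ** s
    delta = math.factorial(ell)
    ids = [i for i, _ in partials]
    acc = 1
    for i, g_i in partials:
        num, den = delta, 1
        for j in ids:
            if j != i:
                num, den = num * -j, den * (i - j)
        acc = acc * pow(g_i, num // den, ns1) % ns1   # exponent may be negative
    mask = pow(acc, ns, ns1)           # acc = G^(Delta*x + T*LAM); n^s power kills T*LAM
    a = pow(big_h, delta, ns1) * pow(mask, -1, ns1) % ns1   # = (1+n)^(Delta*m)
    return dlog_1pn(a, n, s) * pow(delta, -1, ns) % ns


if __name__ == "__main__":
    pk, sk = keygen()
    print(decrypt(pk, sk, encrypt(pk, 42, 1)), decrypt(pk, sk, encrypt(pk, 10**30 + 1, 3)))
    shares = share_key(sk, t=3, ell=5)
    ct = encrypt(pk, 10**20 + 7, 2)
    print(combine(pk, ct, [partial_decrypt(ct, shares[i]) for i in (0, 2, 4)], ell=5))
```

The point to observe is which quantities grow with s and which do not: the ciphertext and the partial decryptions live mod N^(s+1), but x, its shares, h and the base g are all bounded by N, so a server can keep one share and decrypt a 16-bit ballot with s = 1 and a multi-kilobyte message with a large s using the same share. Running main with a message larger than N^s raises the ValueError, which is the cue to raise s rather than to change keys.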
