Suppose we are given a proof of knowledge P in which a prover demonstrates that he knows a solution to a given problem instance. Suppose also that we have a secret sharing scheme S on n participants. Then under certain assumptions on P and S, we show how to transform P into a witness indistinguishable protocol, in which the prover demonstrates knowledge of
In this paper we present a new multi-authority secret-ballot election scheme that guarantees privacy, universal verifiability, and robustness. It is the first scheme for which the performance is optimal in the sense that time and communication complexity is minimal both for the individual voters and the authorities. An interesting property of the scheme is
A publicly verifiable secret sharing (PVSS) scheme is a verifiable secret sharing scheme with the property that the validity of the shares distributed by the dealer can be verified by any party; hence verification is not limited to the respective participants receiving the shares. We present a new construction for PVSS schemes, which compared to previous
We present new cryptographic protocols for multi-authority secret ballot elections that guarantee privacy, robustness, and universal verifiability. Application of some novel techniques, in particular the construction of witness hiding/indistinguishable protocols from Cramer, Damgård and Schoenmakers, and the verifiable secret sharing scheme of Pedersen,
We consider the framework of secure n-party computation based on threshold homomorphic cryptosystems as put forth by Cramer, Damgård, and Nielsen at Eurocrypt 2001. When used with Paillier's cryptosystem, this framework allows for efficient secure evaluation of any arithmetic circuit defined over Z_N, where N is the RSA modulus of the underlying Paillier
In this paper we present a new multi-authority secret-ballot election scheme that guarantees privacy, universal verifiability, and robustness. It is the first scheme for which the performance is optimal in the sense that time and communication complexity is minimal both for the individual voters and the authorities. An interesting property of the scheme is
We present new results in the framework of secure multi-party computation based on homomorphic threshold cryptosystems. We introduce the conditional gate as a special type of multiplication gate that can be realized in a surprisingly simple and efficient way using just standard homomorphic threshold ElGamal encryption. As addition gates are essentially for
We present a solution to the Tiercé problem, in which two players want to know whether they have backed the same combination (but neither player wants to disclose its combination to the other one). The problem is also known as the socialist millionaires' problem, in which two millionaires want to know whether they happen to be equally rich. In our solution,
We present a protocol issue that arises with the use of oblivious transfer in the malicious case of several two-party computation protocols based on Yao's garbled circuit. We describe this issue for a protocol by Pinkas (Eurocrypt 2003) and for the Fairplay protocol, and we discuss why this issue still persists for a recently suggested modification of the
A family of pseudorandom generators based on the decisional Diffie-Hellman assumption is proposed. The new construction is a modified and generalized version of the Dual Elliptic Curve generator proposed by Barker and Kelsey. Although the original Dual Elliptic Curve generator is shown to be insecure, the modified version is provably secure and very