A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System

  title={A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System},
  author={Ivan Damg{\aa}rd and Mads Jurik},
  booktitle={International Conference on Theory and Practice of Public Key Cryptography},
  • I. Damgård, M. Jurik
  • Published in
    International Conference on…
    13 February 2001
  • Mathematics, Computer Science
We propose a generalisation of Paillier's probabilistic public key system, in which the expansion factor is reduced and which allows adjusting the block length of the scheme even after the public key has been fixed, without losing the homomorphic property. We show that the generalisation is as secure as Paillier's original system. We construct a threshold variant of the generalised scheme as well as zero-knowledge protocols to show that a given ciphertext encrypts one of a set of given…

Benaloh's Dense Probabilistic Encryption Revisited

This paper shows on several applications that a bad choice in the key generation phase of Benaloh's scheme has a real impact on the behaviour of the application, and shows how to formulate the security of the corrected scheme in a generic setting suitable for several homomorphic encryptions.

Paillier's cryptosystem revisited

We re-examine Paillier's cryptosystem, and show that by choosing a particular discrete log base g, and by introducing an alternative decryption procedure, we can extend the scheme to allow an

A Generalization of Paillier's Public-Key System With Fast Decryption

A very simple decryption algorithm is proposed which is more efficient than other generalization algorithms and it is proved that the generalized Paillier’s scheme is IND-CPA secure.

Homomorphic Secret Sharing from Paillier Encryption

This work extends Boyle et al.

Optimized Paillier’s Cryptosystem with Fast Encryption and Decryption

A new optimization for the Paillier’s additively homomorphic encryption scheme (Eurocrypt’99) is proposed, with a well-chosen subgroup of the underlying , which is used as the randomness space for masking messages during encryption.

A Weakness in Some Oblivious Transfer and Zero-Knowledge Protocols

It appears that even a semi-honest chooser (verifier) can derive from the random coin bounds for all or some of the sender's (prover's) private inputs with non-negligible probability.

Efficient Binary Conversion for Paillier Encrypted Values

The framework of secure n-party computation based on threshold homomorphic cryptosystems as put forth by Cramer, Damgård, and Nielsen is extended by considering the problem of converting a given Paillier encryption of a value x∈ℤN into Paillier encryptions of the bits of x.

A Length-Flexible Threshold Cryptosystem with Applications

The scheme inherits the attractive homomorphic properties of Paillier encryption and achieves two new properties: first, all users can use the same modulus when generating key pairs, this allows more efficient proofs of relations between different encryptions, and second, a threshold decryption protocol is constructed for the scheme that is length-flexible.

The Paillier's Cryptosystem and Some Variants Revisited

It is shown that there is a big difference between the original Paillier's encryption and some variants, and the alternative decryption procedure of Bresson-Catalano-Pointcheval encryption scheme proposed at Asiacrypt'03 is simplified.

A Variant of the Schmidt-Takagi Encryption Scheme

This paper proposes a new variant of the Schmidt-Takagi encryption scheme described as Et(r, m) = r s (1 + mn) mod n, where n, s, t are the public key, m a message, and r a random number, and gets that Et is additively homomorphic in m if t ≥ ⌈(s+1)/2⌉.



A Generalisation, a Simplification and some Applications of Paillier’s Probabilistic Public-Key System

We propose a generalisation of Paillier's probabilistic public key system, in which the expansion factor is reduced and which allows adjusting the block length of the scheme even after the public key

A secure and optimally efficient multi-authority election scheme

In this paper we present a new multi-authority secret-ballot election scheme that guarantees privacy, universal verifiability, and robustness. It is the first scheme for which the performance is

Sharing Decryption in the Context of Voting or Lotteries

A distributed version of the Paillier cryptosystem presented at Eurocrypt '99 is proposed, which can be used in an electronic voting scheme or in a lottery where a random number related to the winning ticket has to be jointly chosen by all participants.

Robust efficient distributed RSA-key generation

The solution can be combined with recent proactive function sharing techniques to establish the first efficient, optimal-resilience, robust and proactively-secure RSA-based distributed trust services where the key is never entrusted to a single entity (i.e., distributed trust totally “from scratch”).

A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory

This paper proposes a new scheme which requires the storage of only one authentication number in each security microprocessor and the check of only one witness number, and the needed computations are only 2 or 3 more than for the scheme of Fiat-Shamir.

Efficient Receipt-Free Voting Based on Homomorphic Encryption

The security of the multi-authority voting protocol of Benaloh and Tuinstra is analyzed and it is demonstrated that this protocol is not receipt-free, opposed to what was claimed in the paper and was believed before.

Efficient Multiparty Computations Secure Against an Adaptive Adversary

This paper observes that a subprotocol of Rabin and Ben-Or's, known as weak secret sharing (WSS), is not secure against an adaptive adversary, and proposes new and adaptively secure protocols for WSS, VSS and MPC that are substantially more efficient than the original ones.

Public-Key Cryptosystems Based on Composite Degree Residuosity Classes

A new trapdoor mechanism is proposed and three encryption schemes are derived: a trapdoor permutation and two homomorphic probabilistic encryption schemes computationally comparable to RSA, which are provably secure under appropriate assumptions in the standard model.

Practical multi-candidate election system

A practical multi-candidate election scheme that guarantees privacy of voters, public verifiability, and robustness against a coalition of malicious authorities is described, based on the Paillier cryptosystem and on some related zero-knowledge proof techniques.

Practical Threshold Signatures

  • V. Shoup
  • Computer Science, Mathematics
  • 2000
An RSA threshold signature scheme that is unforgeable and robust in the random oracle model, assuming the RSA problem is hard and the size of an individual signature share is bounded by a constant times the size of the RSA modulus.