Results 1 
7 of
7
A generalisation, a simplification and some applications of Paillier's probabilistic publickey system
 LNCS
, 2001
"... We propose a generalisation of Paillier’s probabilistic public key system, in which the expansion factor is reduced and which allows to adjust the block length of the scheme even after the public key has been fixed, without loosing the homomorphic property.We show that the generalisation is as secu ..."
Abstract

Cited by 149 (2 self)
 Add to MetaCart
We propose a generalisation of Paillier’s probabilistic public key system, in which the expansion factor is reduced and which allows to adjust the block length of the scheme even after the public key has been fixed, without loosing the homomorphic property.We show that the generalisation is as secure as Paillier’s original system. We construct a threshold variant of the generalised scheme as well as zeroknowledge protocols to show that a given ciphertext encrypts one of a set of given plaintexts, and protocols to verify multiplicative relations on plaintexts. We then show how these building blocks can be used for applying the scheme to efficient electronic voting. This reduces dramatically the work needed to compute the final result of an election, compared to the previously best known schemes. We show how the basic scheme for a yes/no vote can be easily adapted to casting a vote for up to t out of L candidates.The same basic building blocks can also be adapted to provide receiptfree elections, under appropriate physical assumptions. The scheme for 1 out of L elections can be optimised such that for a certain range of parameter values, a ballot has size only O(log L) bits.
Practical threshold RSA signatures without a trusted dealer
, 2001
"... Abstract. We propose a threshold RSA scheme which is as efficient as the fastest previous threshold RSA scheme (by Shoup), but where two assumptions needed in Shoup’s and in previous schemes can be dropped, namely that the modulus must be a product of safe primes and that a trusted dealer generates ..."
Abstract

Cited by 52 (4 self)
 Add to MetaCart
Abstract. We propose a threshold RSA scheme which is as efficient as the fastest previous threshold RSA scheme (by Shoup), but where two assumptions needed in Shoup’s and in previous schemes can be dropped, namely that the modulus must be a product of safe primes and that a trusted dealer generates the keys. The robustness (but not the unforgeability) of our scheme depends on a new intractability assumption, in addition to security of the underlying standard RSA scheme. 1
A Generalization of Paillier's PublicKey System with Applications to Electronic Voting
 P Y A RYAN
, 2003
"... We propose a generalization of Paillier's probabilistic public key system, in which the expansion factor is reduced and which allows to adjust the block length of the scheme even after the public key has been fixed, without losing the homomorphic property. We show that the generalization is as secur ..."
Abstract

Cited by 20 (1 self)
 Add to MetaCart
We propose a generalization of Paillier's probabilistic public key system, in which the expansion factor is reduced and which allows to adjust the block length of the scheme even after the public key has been fixed, without losing the homomorphic property. We show that the generalization is as secure as Paillier's original system and propose several ways to optimize implementations of both the generalized and the original scheme. We construct
Efficient Protocols based on Probabilistic Encryption using Composite Degree Residue Classes
, 2001
"... We study various applications and variants of Paillier's probabilistic encryption scheme. First, we propose a threshold variant of the scheme, and also zeroknowledge protocols for proving that a given ciphertext encodes a given plaintext, and for verifying multiplication of encrypted values. We the ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
We study various applications and variants of Paillier's probabilistic encryption scheme. First, we propose a threshold variant of the scheme, and also zeroknowledge protocols for proving that a given ciphertext encodes a given plaintext, and for verifying multiplication of encrypted values. We then show how these building blocks can be used for applying the scheme to efficient electronic voting. This reduces dramatically the work needed to compute the final result of an election, compared to the previously best known schemes. We show how the basic scheme for a yes/no vote can be easily adapted to casting a vote for up to t out of L candidates. The same basic building blocks can also be adapted to provide receiptfree elections, under appropriate physical assumptions. The scheme for 1 out of L elections can be optimised such that for a certain range of parameter values, a ballot has size only O(log L) bits. Finally, we propose a variant of the encryption scheme, that allows reducing the expansion factor of Paillier's scheme from 2 to almost 1.
Extensions to the Paillier Cryptosystem with Applications to Cryptological Protocols
, 2003
"... The main contribution of this thesis is a simplification, a generalization and some modifications of the homomorphic cryptosystem proposed by Paillier in 1999, and several cryptological protocols that follow from these changes. The Paillier ..."
Abstract

Cited by 12 (0 self)
 Add to MetaCart
The main contribution of this thesis is a simplification, a generalization and some modifications of the homomorphic cryptosystem proposed by Paillier in 1999, and several cryptological protocols that follow from these changes. The Paillier
Dupont: Efficient Threshold RSA Signatures with General Moduli and No Extra Assumptions
 Proc. of Public Key Cryptography 2005: 346
"... Abstract. We propose techniques that allow construction of robust threshold RSA signature schemes that can work without a trusted dealer using known key generation protocols and is as efficient as the best previous schemes. We do not need special conditions on the RSA modulus, extra complexity or se ..."
Abstract

Cited by 8 (1 self)
 Add to MetaCart
Abstract. We propose techniques that allow construction of robust threshold RSA signature schemes that can work without a trusted dealer using known key generation protocols and is as efficient as the best previous schemes. We do not need special conditions on the RSA modulus, extra complexity or setup assumptions or random oracles. An “optimistic” variant of the scheme is even more efficient in case no faults occur. Some potential more general applications of our basic idea are also pointed out. 1
On Design of RSA Threshold Signature Scheme
, 2001
"... Almost all threshold signature schemes based on secret sharing such as polynomial sharing have a common weakness that they cannot resist the conspiracy attack. The reason is that the manager possesses the secret share of each member, and the secret can be retrieved by an adversary if the adversary c ..."
Abstract
 Add to MetaCart
Almost all threshold signature schemes based on secret sharing such as polynomial sharing have a common weakness that they cannot resist the conspiracy attack. The reason is that the manager possesses the secret share of each member, and the secret can be retrieved by an adversary if the adversary can corrupt t members (where t is the threshold).