Results 1  10
of
147
A Secure and Optimally Efficient MultiAuthority Election Scheme
, 1997
"... Abstract. In this paper we present a new multiauthority secretballot election scheme that guarantees privacy, universal verifiability, and robustness. It is the first scheme for which the performance is optimal in the sense that time and communication complexity is minimal both for the individual ..."
Abstract

Cited by 285 (6 self)
 Add to MetaCart
Abstract. In this paper we present a new multiauthority secretballot election scheme that guarantees privacy, universal verifiability, and robustness. It is the first scheme for which the performance is optimal in the sense that time and communication complexity is minimal both for the individual voters and the authorities. An interesting property of the scheme is that the time and communication complexity for the voter is independent of the number of authorities. A voter simply posts a single encrypted message accompanied by a compact proof that it contains a valid vote. Our result is complementary to the result by Cramer, Franklin, Schoenmakers, and Yung in the sense that in their scheme the work for voters is linear in the number of authorities but can be instantiated to yield informationtheoretic privacy, while in our scheme the voter’s effort is independent of the number of authorities but always provides computational privacyprotection. We will also point out that the majority of proposed voting schemes provide computational privacy only (often without even considering the lack of informationtheoretic privacy), and that our new scheme is by far superior to those schemes. 1
Evaluating 2dnf formulas on ciphertexts
 In proceedings of TCC ’05, LNCS series
, 2005
"... Abstract. Let ψ be a 2DNF formula on boolean variables x1,..., xn ∈ {0, 1}. We present a homomorphic public key encryption scheme that allows the public evaluation of ψ given an encryption of the variables x1,..., xn. In other words, given the encryption of the bits x1,..., xn, anyone can create th ..."
Abstract

Cited by 199 (7 self)
 Add to MetaCart
(Show Context)
Abstract. Let ψ be a 2DNF formula on boolean variables x1,..., xn ∈ {0, 1}. We present a homomorphic public key encryption scheme that allows the public evaluation of ψ given an encryption of the variables x1,..., xn. In other words, given the encryption of the bits x1,..., xn, anyone can create the encryption of ψ(x1,..., xn). More generally, we can evaluate quadratic multivariate polynomials on ciphertexts provided the resulting value falls within a small set. We present a number of applications of the system: 1. In a database of size n, the total communication in the basic step of the KushilevitzOstrovsky PIR protocol is reduced from √ n to 3 √ n. 2. An efficient election system based on homomorphic encryption where voters do not need to include noninteractive zero knowledge proofs that their ballots are valid. The election system is proved secure without random oracles but still efficient. 3. A protocol for universally verifiable computation. 1
Efficient receiptfree voting based on homomorphic encryption
, 2000
"... Abstract. Voting schemes that provide receiptfreeness prevent voters from proving their cast vote, and hence thwart votebuying and coercion. We analyze the security of the multiauthority voting protocol of Benaloh and Tuinstra and demonstrate that this protocol is not receiptfree, opposed to what ..."
Abstract

Cited by 155 (0 self)
 Add to MetaCart
Abstract. Voting schemes that provide receiptfreeness prevent voters from proving their cast vote, and hence thwart votebuying and coercion. We analyze the security of the multiauthority voting protocol of Benaloh and Tuinstra and demonstrate that this protocol is not receiptfree, opposed to what was claimed in the paper and was believed before. Furthermore, we propose the first practicable receiptfree voting scheme. Its only physical assumption is the existence of secret oneway communication channels from the authorities to the voters, and due to the public verifiability of the tally, voters only join a single stage of the protocol, realizing the “voteandgo ” concept. The protocol combines the advantages of the receiptfree protocol of Sako and Kilian and of the very efficient protocol of Cramer, Gennaro, and Schoenmakers, with help of designatedverifier proofs of Jakobsson, Sako, and Impagliazzo. Compared to the receiptfree protocol of Sako and Kilian for security parameter ℓ (the number of repetitions in the noninteractive cutandchoose proofs), the protocol described in this paper realizes an improvement of the total bit complexity by a factor ℓ.
ReceiptFree Electronic Voting Schemes for Large Scale Elections
, 1997
"... This paper proposes practical receiptfree voting schemes which are suitable for (nation wide) large scale elections. One of the proposed scheme requires the help of the voting commission, and needs a physical assumption, the existence of an untappable channel. The other scheme does not require the ..."
Abstract

Cited by 107 (0 self)
 Add to MetaCart
This paper proposes practical receiptfree voting schemes which are suitable for (nation wide) large scale elections. One of the proposed scheme requires the help of the voting commission, and needs a physical assumption, the existence of an untappable channel. The other scheme does not require the help of the commission, but needs a stronger physical assumption, the existence of a voting booth. We define receiptfreeness, and prove that the proposed schemes satisfy receiptfreeness under such physical assumptions. 1 Introduction Various types of electronic secret voting schemes have been proposed in the last ten years [BGW88, BT94, CCD88, CFSY96, Cha88, FOO92, GMW87, Ive92, JSI96, Oka96, SK94, SK95], and recently receiptfree voting schemes are attracting many researchers [BT94, JSI96, Oka96, SK95]. The receiptfree property means that voting system generates no receipt (evidence) of whom a voter voted for, where the receipt of a vote, which proves that a voter has voted for a candid...
Fair computation of general functions in presence of immoral majority
 in CRYPTO’90. LNCS
, 1990
"... ..."
Homomorphic Signature Schemes
"... Privacy homomorphisms, encryption schemes that are also homomorphisms relative to some binary operation, have been studied for some time, but one may also consider the analogous problem of homomorphic signature schemes. In this paper we introduce basic definitions of security for homomorphic signa ..."
Abstract

Cited by 92 (1 self)
 Add to MetaCart
(Show Context)
Privacy homomorphisms, encryption schemes that are also homomorphisms relative to some binary operation, have been studied for some time, but one may also consider the analogous problem of homomorphic signature schemes. In this paper we introduce basic definitions of security for homomorphic signature systems, motivate the inquiry with example applications, and describe several schemes that are homomorphic with respect to useful binary operations. In particular, we describe a scheme that allows a signature holder to construct the signature on an arbitrarily redacted submessage of the originally signed message. We present another scheme for signing sets that is homomorphic with respect to both union and taking subsets. Finally, we show that any signature scheme that is homomorphic with respect to integer addition must be insecure.
Sharing decryption in the context of voting or lotteries
, 2000
"... Several public key cryptosystems with additional homomorphic properties have been proposed so far. They allow to perform computation with encrypted data without the knowledge of any secret information. In many applications, the ability to perform decryption, i.e. the knowledge of the secret key, giv ..."
Abstract

Cited by 92 (6 self)
 Add to MetaCart
(Show Context)
Several public key cryptosystems with additional homomorphic properties have been proposed so far. They allow to perform computation with encrypted data without the knowledge of any secret information. In many applications, the ability to perform decryption, i.e. the knowledge of the secret key, gives a huge power. A classical way to reduce the trust in such a secret owner, and consequently to increase the security, is to share the secret between many entities in such a way that cooperation between them is necessary to decrypt. In this paper, we propose a distributed version of the Paillier cryptosystem presented at Eurocrypt ’99. This shared scheme can for example be used in an electronic voting scheme or in a lottery where a random number related to the winning ticket has to be jointly chosen by all participants.
Sensus: A SecurityConscious Electronic Polling System for the Internet
, 1997
"... We present the design and implementation of Sensus, a practical, secure and private system for polling (conducting surveys and elections) over computer networks. Expanding on the work of Fujioka, Okamoto, and Ohta, Sensus uses blind signatures to ensure that only registered voters can vote and that ..."
Abstract

Cited by 73 (0 self)
 Add to MetaCart
(Show Context)
We present the design and implementation of Sensus, a practical, secure and private system for polling (conducting surveys and elections) over computer networks. Expanding on the work of Fujioka, Okamoto, and Ohta, Sensus uses blind signatures to ensure that only registered voters can vote and that each registered voter only votes once, while at the same time maintaining voters' privacy. Sensus allows voters to verify independently that their votes were counted correctly, and anonymously challenge the results should their votes be miscounted. We outline seven desirable properties of voting systems and show that Sensus satisfies these properties well, in some cases better than traditional voting systems. 1. Introduction Democratic governments and organizations must have mechanisms for polling their members. Traditionally, elections have served as the official mechanisms for people to express their views to their governments, while surveys have augmented elections as unofficial  but...
A survey of algebraic properties used in cryptographic protocols
 Journal of Computer Security
"... Abstract: Cryptographic protocols are successfully analyzed using formal methods. However, formal approaches usually consider the encryption schemes as black boxes and assume that an adversary cannot learn anything from an encrypted message except if he has the key. Such an assumption is too stron ..."
Abstract

Cited by 66 (20 self)
 Add to MetaCart
(Show Context)
Abstract: Cryptographic protocols are successfully analyzed using formal methods. However, formal approaches usually consider the encryption schemes as black boxes and assume that an adversary cannot learn anything from an encrypted message except if he has the key. Such an assumption is too strong in general since some attacks exploit in a clever way the interaction between protocol rules and properties of cryptographic operators. Moreover, the executability of some protocols relies explicitly on some algebraic properties of cryptographic primitives such as commutative encryption. We give a list of some relevant algebraic properties of cryptographic operators, and for each of them, we provide examples of protocols or attacks using these properties. We also give an overview of the existing methods in formal approaches for analyzing cryptographic proto