## A Generalisation, a Simplification and some Applications of Paillier's Probabilistic Public-Key System (2001)

### Download Links

- [www.mathmagic.cn]
- [www.brics.dk]
- [www.daimi.au.dk]

### Other Repositories/Bibliography

- DBLP

Venue: In proceedings of PKC ’01, LNCS series

Citations: 222 - 2 self

### Citations

223 | A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory, See Gunther - Guillou, Quisquater - 1988 |

Citation Context: ...vealed. It is easy to see that this is equivalent to convincing V that $c g^{-i} \bmod n^{s+1}$ is an $n^s$'th power. So we now propose a protocol for this which is a simple generalisation of the one from [7]. We note that this and the following protocols are not zero-knowledge as they stand, only honest verifier zero-knowledge. However, first zero-knowledge protocols for the same problems can be construc...

161 | Efficient receipt-free voting based on homomorphic encryption. - Hirt, Sako - 2000 |

128 | Non-cryptographic fault-tolerant computing in constant number of rounds of interaction. In: - Bar-Ilan, Beaver - 1989 |

86 | Efficient Multiparty Computations Secure Against an Adaptive Adversary. - Cramer, Damgard, et al. - 1999 |

17 | B.: A secure and optimally efficient multi-authority election scheme. In: EUROCRYPT - Cramer, Gennaro, et al. - 1997 |

Citation Context: ...tions of this to electronic voting schemes. A large number of such schemes is known, but the most efficient one, at least in terms of the work needed from voters, is by Cramer, Gennaro and Schoenmakers [4]. This protocol provides in fact a general framework that allows usage of any probabilistic encryption scheme for encryption of votes, if the encryption scheme has a set of "nice" properties, in parti...

13 | Robust efficient distributed RSA-key generation - Frankel, MacKenzie, et al. - 1998 |

Citation Context: ...get some x as result, and then computes the product d = x# (over the integers). This does not require generic multi-party computation techniques, but can be done quite efficiently using techniques from [5]. Note that, while this does require communication between servers, it is not needed for every decryption, but only once for every value of s that is used. We can now show in the random oracle model t...

12 | Efficient receipt-free voting based on homomorphic encryption. - Hirt, Sako - 2000 |

Citation Context: ...t the concrete constants involved, one finds that our complexity is dominated by the term 11k log L. So for large scale elections we have gained a significant factor in complexity compared to [1]. In [8], Hirt and Sako propose a general method for building receipt-free election schemes, i.e. protocols where vote-buying or -coercing is not possible because voters cannot prove to others how they voted. ...

9 | Sharing Decryption in the Context of Voting or - Fouque, Poupard, et al. - 2000 |

Citation Context: ...uish between the L candidates. Furthermore this scheme requires only 1 decryption operation, even when L > 2. 2 Related Work In work independent from, but earlier than ours, Fouque, Poupard and Stern [6] proposed the first threshold version of Paillier's original scheme. Like our threshold scheme, [6] uses an adaptation of Shoup's threshold RSA scheme [10], but beyond this the techniques are somewhat...

5 | B. Schoenmakers: A Secure and Optimally Efficient Multi-Authority Election Scheme - Cramer |

4 | and Moti Yung Robust Efficient Distributed RSA-Key Generation - Frankel, MacKenzie |

3 | Schoenmakers: Proofs of partial knowledge - Cramer, Damgård, et al. |

Citation Context: ..., which means that we cannot obtain zero-knowledge, we can, however, obtain security in the random oracle model. As for soundness, we prove that the protocols satisfy so called special soundness (see [2]), which in particular implies that they satisfy standard knowledge soundness. Protocol for $n^s$'th powers. Input: $n, u$. Private Input for P: $v$, such that $u = v^{n^s} \bmod n^{s+1}$. 1. P chooses r at random m...

2 | and Stern: Practical MultiCandidate Election Scheme, manuscript - Baudron, Pointcheval - 2000 |

Citation Context: ...is correctly formed, something that is of course necessary for a secure election in practice. In work done concurrently with and independent from ours, Baudron, Fouque, Pointcheval, Poupard and Stern [1] propose a voting scheme somewhat similar to ours. Their work can be seen as being complementary to ours in the sense that their proposal is more oriented towards the system architectural aspects of a...

1 | M. Hirt and T. Rabin: Efficient Multiparty Computations Secure against an Adaptive Adversary - Cramer, Damgard |

Citation Context: ...ng block allows a prover to convince a verifier that three encryptions contain values a, b and c such that $ab = c \bmod n^s$. For this, we propose a protocol inspired by a similar construction found in [3]. Protocol Multiplication-mod-$n^s$. Input: $n, g, e_a, e_b, e_c$. Private Input for P: $a, b, c, r_a, r_b, r_c$ such that $ab = c \bmod n$ and $e_a = E(a, r_a)$, $e_b = E(b, r_b)$, $e_c = E(c, r_c)$. 1. P choos...