Abstract

vvu.bel1-labs.com/user/markusj Abstract. We introduce a robust and efficient mix-network for expo-nentiation, and use it to obtain a threshold decryption mix-network for ElGamal encrypted messages, in which mix servers do not need to trust each other for the correctness of the result. If a subset of mix servers cheat, they will be caught with an overwhelming probability, and the decryption can restart after replacing them, in a fashion that is trans-parent to the participants providing the input to be decrypted. As long as a quorum is not controlled by an adversary, the privacy of the mix is guaranteed. Our solution is proved to be secure if a commonly used assumption, the Decision Diffie-Hellman assumption, holds. Of possible independent interest are two new methods that we intro-duce: blinded destructive robustness, a type of destructive robustness with protection against leaks of secret information; and repetition ro-bustness, a method for obtaining robustness for some distributed vector computations. Here, two or more calculations of the same equation are performed, where the different computations are made independent by the use of blinding and permutation. The resulting vectors are then un-blinded, sorted and compared to each other. This allows us to detect cheating (resulting in inequality of the vectors). Also of possible independent interest is a modular extension to the El-Gamal encryption scheme, making the resulting scheme non-malleable in the random oracle model. This is done by interpreting part of the ci-phertext as a public key, and sign the ciphertext using the corresponding secret key.

Citations

1404	How to share a secret - Shamir - 1979
1023	Untraceable electronic mail, return addresses, and digital pseudonyms - Chaum - 1981
1001	Probabilistic encryption - Goldwasser, Micali - 1984
961	A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithm - ElGamal - 1985
512	Efficient signature generation for smart cards - Schnorr - 1991
394	A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack - Cramer, Shoup - 1998
206	Anonymous connections and onion routing - Syverson, Goldschlag, et al. - 1997
191	A practical secret voting scheme for large scale elections - Fujioka, Okamoto, et al. - 1992
191	Security Proofs for Signature Schemes - Pointcheval, Stern - 1996
164	Proactive secret sharing or: How to cope with perpetual leakage - Herzberg, Jarecki, et al. - 1995
162	A Threshold Cryptosystem without a Trusted Party - Pedersen - 1991
148	Mixing e-mail with BABEL - Gulcu, Tsudik - 1996
93	ISDN-Mixes: Untraceable communication with very small bandwith overhead - Pfitzmann, Pfitzmann, et al. - 1991
76	Proactive public key and signature systems - Herzberg, Jakobsson, et al. - 1997
70	Universally verifiable mix-net with verification work independent of the number of mix-servers - Abe - 1998
66	How to share a function securely - Santis, Desmedt, et al. - 1994
64	How to make personalized web browsing simple, secure, and anonymous - Gabber, Gibbons, et al. - 1997
20	Waidner: ISDN-MIXes: Untraceable Communication with Very - Pfitzmann, Pfitzmann, et al. - 1991
14	All/nothing election scheme and anonymous channel - Park, Itoh, et al. - 1993
9	Zero-knowledge undeniable signatures", Eurocrypt '90, LNCS 473 - Chaum
6	Receipt-Free Mix-Type Voting Scheme", Eurocrypt - Sako, Kilian - 1995
5	Some remarks on a receipt free and universally verifiable mix-type voting scheme - Horster, Michels, et al. - 1996
5	Receipt-Free Mix-Type Voting Scheme, Eurocrypt - Sako, Kilian - 1995
4	PUB XX, "Digital Signature Standard," National Institute of Standards and - FIPS - 1993
3	Crowds: Anonymous Web Transactions. Manuscript at http://www.research.att.com/projects/crowds - Reiter, Rubin
2	Designated Verifier Proofs and Their Applications," Eurocrypt '96 - Jakobsson, Sako, et al.
2	Distributed `Magic Ink' Signatures," Eurocrypt '97 - Jakobsson, Yung
2	Privacy vs. Anonymity - Jakobsson - 1997
1	Plaintext Awareness, NonMalleability, and Chosen Ciphertext Security: Implications and Separations," manuscript - Bellare, Desai, et al.
1	Batch Verification with Applications to Program Checking and Cryptography," Eurocrypt '98 - Bellare, Garay, et al.
1	Non-malleable cryptography," STOC'91, pp. 542 -- 552 Recall that we do not assume that the participants are honest, but only that the common case is that they are. When they are not, an extra cost is imposed for finding the identities of the cheaters - Dolev, Dwork, et al.
1	Crowds: Anonymous Web Transactions," Manuscript at www.research.att.com/projects/crowds - Reiter, Rubin
1	Probabilistic Encryption,” 3 - Goldwasser, Micah - 1984