Topic

Verifiable secret sharing

About: Verifiable secret sharing is a research topic. Over its lifetime, 4241 publications have been published within this topic, receiving 99569 citations.


Papers
Book Chapter
18 Sep 2006
TL;DR: A mechanism for the distributed construction by a set of independent clerks of the ballot forms that ensures that only a collusion of all the clerks could determine the cryptographic seeds or the onion/candidate list association is proposed.
Abstract: We present a number of enhancements to the voter verifiable election scheme Pret a Voter [CRS05]. Firstly, we propose a mechanism for the distributed construction by a set of independent clerks of the ballot forms. This construction leads to proto-ballot forms with the candidate list encrypted and ensures that only a collusion of all the clerks could determine the cryptographic seeds or the onion/candidate list association. This eliminates the need to trust a single authority to keep this information secret. Furthermore, it allows the on-demand decryption and printing of the ballot forms, so eliminating chain of custody issues and the chain voting style attacks against encrypted receipt schemes identified in [RP05]. The ballot forms proposed here use ElGamal randomised encryption so enabling the use of re-encryption mixes for the anonymising tabulation phase in place of the decryption mixes. This has a number of advantages over the RSA decryption mixes used previously: tolerance against failure of any of the mix tellers, full mixing of terms over the Zp* space and enabling the mixes and audits to be fully independently rerun if necessary.

117 citations

Journal Article
TL;DR: This paper proposes a more efficient and generic construction of ABE with verifiable outsourced decryption based on an attribute-based key encapsulation mechanism, a symmetric-key encryption scheme and a commitment scheme and proves the security and the verification soundness of the constructed ABE scheme in the standard model.
Abstract: Attribute-based encryption (ABE) is a promising technique for fine-grained access control of encrypted data in a cloud storage, however, decryption involved in the ABEs is usually too expensive for resource-constrained front-end users, which greatly hinders its practical popularity. In order to reduce the decryption overhead for a user to recover the plaintext, Green et al. suggested to outsource the majority of the decryption work without revealing actual data or private keys. To ensure the third-party service honestly computes the outsourced work, Lai et al. provided a requirement of verifiability to the decryption of ABE, but their scheme doubled the size of the underlying ABE ciphertext and the computation costs. Roughly speaking, their main idea is to use a parallel encryption technique, while one of the encryption components is used for the verification purpose. Hence, the bandwidth and the computation cost are doubled. In this paper, we investigate the same problem. In particular, we propose a more efficient and generic construction of ABE with verifiable outsourced decryption based on an attribute-based key encapsulation mechanism, a symmetric-key encryption scheme and a commitment scheme. Then, we prove the security and the verification soundness of our constructed ABE scheme in the standard model. Finally, we instantiate our scheme with concrete building blocks. Compared with Lai et al.'s scheme, our scheme reduces the bandwidth and the computation costs almost by half.

117 citations

Book Chapter
11 Aug 1990
TL;DR: This paper constructs the first publicly verifiable non-interactive zero-knowledge proof for any NP statement under the general assumption that one way permutations exist.
Abstract: In this paper we construct the first publicly verifiable non-interactive zero-knowledge proof for any NP statement under the general assumption that one way permutations exist. If the prover is polynomially bounded then our scheme is based on the stronger assumption that trapdoor permutations exist. In both cases we assume that P and V have a common random string, and use it to prove a single theorem (which may be chosen as a function of the known string).

114 citations

Patent
24 Mar 2001
TL;DR: In this article, the authors propose a validity construction that prevents any one or more of the authorities or individuals from making any changes to the original data without being discovered by anyone auditing a resulting proof transcript.
Abstract: A cryptographic process permits one to verifiably shuffle a series of input data elements. One or more authorities or individuals 'shuffle', or 'anonymize' the input data (e.g. public keys in discrete log form or ElGamal encrypted ballot data). The process includes a validity construction that prevents any one or more of the authorities or individuals from making any changes to the original data without being discovered by anyone auditing a resulting proof transcript. The shuffling may be performed at various times. In the election example, the shuffling may be performed, e.g., after ballots are collected or during the registration, or ballot request phase of the election, thereby anonymizing the identities of the voters.

114 citations

Book Chapter
Donald Beaver
20 Aug 1989
TL;DR: It is shown that a complete broadcast network of n processors can evaluate any function f(x1,..., xn) at private inputs supplied by each processor, revealing no information other than the result of the function, while tolerating up to t maliciously faulty parties for 2t < n.
Abstract: We show that a complete broadcast network of n processors can evaluate any function f(x1,..., xn) at private inputs supplied by each processor, revealing no information other than the result of the function, while tolerating up to t maliciously faulty parties for 2t < n. This improves the previous bound of 3t < n on the tolerable number of faults [BGW88, CCD88]. We demonstrate a resilient method to multiply secretly shared values without using unproven cryptographic assumptions. The crux of our method is a new, non-cryptographic zero-knowledge technique which extends verifiable secret sharing to allow proofs based on secretly shared values. Under this method, a single party can secretly share values v1,...,vm along with another secret w = P(v1,...,vm), where P is any polynomial size circuit; and she can prove to all other parties that w = P(v1,..., vm), without revealing w or any other information. Our protocols allow an exponentially small chance of error, but are provably optimal in their resilience against Byzantine faults. Furthermore, our solutions use operations over exponentially large fields, greatly reducing the amount of interaction necessary for computing natural functions.

114 citations


Network Information
Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 89% related
Encryption: 98.3K papers, 1.4M citations, 88% related
Authentication: 74.7K papers, 867.1K citations, 87% related
Server: 79.5K papers, 1.4M citations, 82% related
Time complexity: 36K papers, 879.5K citations, 81% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2023    284
2022    643
2021    225
2020    288
2019    233
2018    228