Practical Verifiable Encryption and Decryption of Discrete Logarithms

Camenisch, Jan; Shoup, Victor

doi:10.1007/978-3-540-45146-4_8

Cited by 391 publications

(367 citation statements)

References 39 publications

Supporting

Mentioning

345

Contrasting

Order By: Relevance

“…We then describe an instantiation of the generic construction that is secure under the strong RSA-assumption, the decision composite residuosity assumption, and the decision Diffie-Hellman assumption. In contrast to the scheme briefly sketched by Camenisch and Shoup [3] our scheme does not rely on the random oracle model, and it satisfies stronger security requirements than the schemes proposed in [16] and [13]. Furthermore, the setting we consider is stricter in that we do not assume the existence of a trusted key generator as is done in [3].…”

Section: Our Contributionsmentioning

confidence: 99%

“…They also proposed both a scheme based on general primitives and more practically oriented schemes, and sketched a security proof for the general construction. In their work on verifiable encryption of discrete logarithms Camenisch and Shoup [3] give a very brief sketch of a DC-signature scheme where most interactive protocols use Schnorr-style techniques.…”

Section: Previous Workmentioning

confidence: 99%

“…The cryptosystem we use is based on Cramer and Shoup's [8] CCA2-secure version of the Paillier [20] as described in [3], i.e., it is a cryptosystem with labels. This cryptosystem is special in that plaintexts "live in the exponent", which simplifies the construction of Schnorr-like proofs about the plaintext.…”

Section: The Cramer-shoup-pailler Cryptosystemmentioning

confidence: 99%

“…There are various protocols in the literature [12,1,9,3] for proving equality of integer exponents over groups of unknown order based on variations of FujisakiOkamoto commitments, under the strong RSA-assumption. These protocols are strictly speaking not proofs of knowledge, since extraction may fail with negligible probability over the choice of commitment parameters, but they can be used as proofs of knowledge provided that there are trusted commitment parameters present during the execution of the protocols.…”

Section: Proofs Of Knowledge Of Equality Relationsmentioning

confidence: 99%

See 3 more Smart Citations

Designated Confirmer Signatures Revisited

Wikström

Theory of Cryptography

View full text Add to dashboard Cite

Abstract. Previous definitions of designated confirmer signatures in the literature are incomplete, and the proposed security definitions fail to capture key security properties, such as unforgeability against malicious confirmers and non-transferability. We propose new definitions.Previous schemes rely on the random oracle model or set-up assumptions, or are secure with respect to relaxed security definitions. We construct a practical scheme that is provably secure with respect to our security definition under the strong RSA-assumption, the decision composite residuosity assumption, and the decision Diffie-Hellman assumption.To achieve our results we introduce several new relaxations of standard notions. We expect these techniques to be useful in the construction and analysis of other efficient cryptographic schemes.

show abstract

Section: Our Contributionsmentioning

confidence: 99%

Section: Previous Workmentioning

confidence: 99%

Section: The Cramer-shoup-pailler Cryptosystemmentioning

confidence: 99%

Section: Proofs Of Knowledge Of Equality Relationsmentioning

confidence: 99%

See 2 more Smart Citations

Designated Confirmer Signatures Revisited

Wikström

Theory of Cryptography

View full text Add to dashboard Cite

show abstract

“…We now briefly compare the costs of our protocol to two verifiable encryption protocols: that of Camenisch and Damgard [7] (the "CD" protocol), and Camenisch and Shoup [9] (the "CS" protocol), in Table 1. Note that the CS protocol is described only for verifiable encryption of a single secret (not verifiable group encryption); in the table, we estimate the values for k shares.…”

Section: Comparison To Non-trusted Platform Protocolsmentioning

confidence: 99%

Improving Cut-and-Choose in Verifiable Encryption and Fair Exchange Protocols Using Trusted Computing Technology

Tate

Vishwanathan

2009

Data and Applications Security XXIII

View full text Add to dashboard Cite

Abstract. Cut-and-choose is used in interactive zero-knowledge protocols in which a prover answers a series of random challenges that establish with high probability that the prover is honestly following the defined protocol. In this paper, we examine one such protocol and explore the consequences of replacing the statistical trust gained from cut-and-choose with a level of trust that depends on the use of secure, trusted hardware. As a result, previous interactive protocols with multiple rounds can be improved to non-interactive protocols with computational requirements equivalent to a single round of the original protocol. Surprisingly, we accomplish this goal by using hardware that is not designed for our applications, but rather simply provides a generic operation that we call "certified randomness," which produces a one-way image of a random value along with an encrypted version that is signed by the hardware to indicate that these values are properly produced. It is important to stress that while we use this operation to improve cut-and-choose protocols, the trusted operation does not depend in any way on the particular protocol or even data used in the protocol: it operates only with random data that it generates. This functionality can be achieved with minor extensions to the standard Trusted Platform Modules (TPMs) that are being used in many current systems.We demonstrate our technique through application to cut-and-choose protocols for verifiable group encryption and optimistic fair exchange. In both cases we can remove or drastically reduce the amount of interaction required, as well as decrease the computational requirements significantly.

show abstract

Advanced Signatures

Sanders

2022

Asymmetric Cryptography

View full text Add to dashboard Cite

Practical Verifiable Encryption and Decryption of Discrete Logarithms

Cited by 391 publications

References 39 publications

Designated Confirmer Signatures Revisited

Designated Confirmer Signatures Revisited

Improving Cut-and-Choose in Verifiable Encryption and Fair Exchange Protocols Using Trusted Computing Technology

Advanced Signatures

Contact Info

Product

Resources

About