Additively Homomorphic Encryption with a Double Decryption Mechanism, Revisited

  • Andreas Peter
  • Max Kronberg
  • Wilke Trei
  • Stefan Katzenbeisser
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7483)


We revisit the notion of additively homomorphic encryption with a double decryption mechanism (DD-PKE), which allows for additions in the encrypted domain while having a master decryption procedure that can decrypt all properly formed ciphertexts by using a special master secret. This type of encryption is generally considered a practical way to enforce access control in hierarchical organisations where some form of malleability is required. Up to now, only two additively homomorphic DD-PKE schemes have been proposed: CS-Lite by Cramer and Shoup (Eurocrypt 2002), and a variant called BCP by Bresson, Catalano and Pointcheval (Asiacrypt 2003).

In this work, we argue that the two existing schemes only provide partial solutions for hierarchical organisations. Essentially, this is due to the fact that the master authority, being in possession of the master secret, has no control on the validity of given ciphertexts. We say that the master is unable to “detect invalid ciphertexts”, which limits the employment of such schemes in practice. Therefore, we propose the first additively homomorphic DD-PKE scheme which allows the master to detect invalid ciphertexts. In fact, our scheme has the additional property that the master decryption is independent of the users’ public keys. Our solution is based on elliptic curves over rings and we prove it to be semantically secure under a DDH-related assumption. Moreover, we give experimental results on the choice of elliptic curves and their effect on the efficiency of our scheme’s setup.


Keywords: Public-Key Cryptography, Homomorphic Encryption, Double Decryption Mechanisms, Elliptic Curves, Factoring




References

  1. Adida, B.: Helios: Web-based open-audit voting. In: USENIX Security Symposium, pp. 335–348. USENIX Association (2008)
  2. Armknecht, F., Katzenbeisser, S., Peter, A.: Group homomorphic encryption: characterizations, impossibility results, and applications. Designs, Codes and Cryptography, 1–24, doi:10.1007/s10623-011-9601-2
  3. Atkin, A.O.L., Morain, F.: Elliptic curves and primality proving. Math. Comp. 61, 29–68 (1993)
  4. Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-Privacy in Public-Key Encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566–582. Springer, Heidelberg (2001)
  5. Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil pairing. SIAM J. Comput. 32(3), 586–615 (2003)
  6. Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) LWE. In: FOCS, pp. 97–106. IEEE (2011)
  7. Bresson, E., Catalano, D., Pointcheval, D.: A Simple Public-Key Cryptosystem with a Double Trapdoor Decryption Mechanism and Its Applications. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 37–54. Springer, Heidelberg (2003)
  8. Cramer, R., Shoup, V.: Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002)
  9. Dent, A.W., Galbraith, S.D.: Hidden Pairings and Trapdoor DDH Groups. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 436–451. Springer, Heidelberg (2006)
  10. Fontaine, C., Galand, F.: A survey of homomorphic encryption for nonspecialists. EURASIP J. Inf. Secur. 2007, 15:1–15:15 (2007)
  11. Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves. J. Cryptology 23(2), 224–280 (2010)
  12. Frey, G., Rück, H.G.: A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Math. Comput. 62, 865–874 (1994)
  13. Galbraith, S.D.: Elliptic curve Paillier schemes. J. Cryptology 15(2), 129–138 (2002)
  14. Galbraith, S.D., McKee, J.F.: The probability that the number of points on an elliptic curve over a finite field is prime. Journal of the LMS 62(03), 671–684 (2000)
  15. Galbraith, S.D., McKee, J.F.: Pairings on Elliptic Curves over Finite Commutative Rings. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 392–409. Springer, Heidelberg (2005)
  16. Galindo, D., Herranz, J.: On the security of public key cryptosystems with a double decryption mechanism. Inf. Process. Lett. 108(5), 279–283 (2008)
  17. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC, pp. 169–178. ACM (2009)
  18. Kiayias, A., Tsiounis, Y., Yung, M.: Group Encryption. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 181–199. Springer, Heidelberg (2007)
  19. Koyama, K., Maurer, U.M., Okamoto, T., Vanstone, S.A.: New Public-Key Schemes Based on Elliptic Curves over the Ring Z_n. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 252–266. Springer, Heidelberg (1992)
  20. Lenstra, H.W.: Factoring integers with elliptic curves. Annals of Mathematics, 649–673 (1987)
  21. Lenstra, H.W.: Elliptic curves and number theoretic algorithms. In: Proceedings of the International Congress of Mathematicians, pp. 99–120 (1988)
  22. Menezes, A., Okamoto, T., Vanstone, S.A.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inf. Theory 39(5), 1639–1646 (1993)
  23. Okamoto, T., Uchiyama, S.: Security of an Identity-Based Cryptosystem and the Related Reductions. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 546–560. Springer, Heidelberg (1998)
  24. Paillier, P.: Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)
  25. Shamir, A.: Identity-Based Cryptosystems and Signature Schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)
  26. Silverman, J.H.: The Arithmetic of Elliptic Curves. GTM, vol. 106. Springer (1986)
  27. Youn, T.-Y., Park, Y.-H., Kim, C.-H., Lim, J.: An Efficient Public Key Cryptosystem with a Privacy Enhanced Double Decryption Mechanism. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 144–158. Springer, Heidelberg (2006)

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Andreas Peter (1)
  • Max Kronberg (2)
  • Wilke Trei (2)
  • Stefan Katzenbeisser (1)

  1. Security Engineering Group, Technische Universität Darmstadt and CASED, Germany
  2. Arbeitsgruppe Algebra/Geometrie, Universität Oldenburg, Germany
