Additively Homomorphic Encryption with a Double Decryption Mechanism, Revisited
- 1.3k Downloads
We revisit the notion of additively homomorphic encryption with a double decryption mechanism (DD-PKE), which allows for additions in the encrypted domain while having a master decryption procedure that can decrypt all properly formed ciphertexts by using a special master secret. This type of encryption is generally considered as a practical way to enforce access control in hierachical organisations where some form of malleability properties are required. Up to now, only two additively homomorphic DD-PKE schemes have been proposed: CS-Lite by Cramer and Shoup (Eurocrypt 2002), and a variant called BCP by Bresson, Catalano and Pointcheval (Asiacrypt 2003).
In this work, we argue that the two existing schemes only provide partial solutions for hierarchical organisations. Essentially, this is due to the fact that the master authority, being in possession of the master secret, has no control on the validity of given ciphertexts. We say that the master is unable to “detect invalid ciphertexts”, which limits the employment of such schemes in practice. Therefore, we propose the first additively homomorphic DD-PKE scheme which allows the master to detect invalid ciphertexts. In fact, our scheme has the additional property that the master decryption is independent of the users’ public keys. Our solution is based on elliptic curves over rings and we prove it to be semantically secure under a DDH-related assumption. Moreover, we give experimental results on the choice of elliptic curves and their effect on the efficiency of our scheme’s setup.
KeywordsPublic-Key Cryptography Homomorphic Encryption Double Decryption Mechanisms Elliptic Curves Factoring
Unable to display preview. Download preview PDF.
- 1.Adida, B.: Helios: Web-based open-audit voting. In: USENIX Security Symposium, pp. 335–348. USENIX Association (2008)Google Scholar
- 2.Armknecht, F., Katzenbeisser, S., Peter, A.: Group homomorphic encryption: characterizations, impossibility results, and applications. Designs, Codes and Cryptography, 1–24, doi:10.1007/s10623-011-9601-2Google Scholar
- 6.Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) lwe. In: FOCS, pp. 97–106. IEEE (2011)Google Scholar
- 10.Fontaine, C., Galand, F.: A survey of homomorphic encryption for nonspecialists. EURASIP J. Inf. Secur. 2007, 15:1–15:15 (2007)Google Scholar
- 17.Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC, pp. 169–178. ACM (2009)Google Scholar
- 19.Koyama, K., Maurer, U.M., Okamoto, T., Vanstone, S.A.: New Public-Key Schemes Based on Elliptic Curves over the Ring Z n. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 252–266. Springer, Heidelberg (1992)Google Scholar
- 20.Lenstra, H.W.: Factoring integers with elliptic curves. Annals of Mathematics, 649–673 (1987)Google Scholar
- 21.Lenstra, H.W.: Elliptic curves and number theoretic algorithms. In: Proceedings of the International Congress of Mathematicians, pp. 99–120 (1988)Google Scholar
- 24.Paillier, P.: Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)Google Scholar
- 26.Silverman, J.H.: The Arithmetic of Elliptic Curves. GTM, vol. 106. Springer (1986)Google Scholar