A Mix-Net from Any CCA2 Secure Cryptosystem
نویسندگان
چکیده
We construct a provably secure mix-net from any CCA2 secure cryptosystem. The mix-net is secure against active adversaries that statically corrupt less than λ out of k mix-servers, where λ is a threshold parameter, and it is robust provided that at most min(λ− 1, k − λ) mix-servers are corrupted. The main component of our construction is a mix-net that outputs the correct result if all mix-servers behaved honestly, and aborts with probability 1−O(H−(t−1)) otherwise (without disclosing anything about the inputs), where t is an auxiliary security parameter and H is the number of honest parties. The running time of this protocol for long messages is roughly 3tc, where c is the running time of Chaum’s mix-net (1981).
منابع مشابه
An Adaptively Secure Mix-Net Without Erasures
We construct the first mix-net that is secure against adaptive adversaries corrupting any minority of the mix-servers and any set of senders. The mix-net is based on the Paillier cryptosystem and analyzed in the universal composability model without erasures under the decisional composite residuosity assumption, the strong RSA-assumption, and the discrete logarithm assumption. We assume the exi...
متن کاملSimplified Submission of Inputs to Protocols
Consider an electronic election scheme implemented using a mix-net; a large number of voters submit their votes and then a smaller number of servers compute the result. The mix-net accepts an encrypted vote from each voter and outputs the set of votes in sorted order without revealing the permutation used. To ensure a fair election, the votes of corrupt voters should be independent of the votes...
متن کاملAn Efficient CCA2-Secure Variant of the McEliece Cryptosystem in the Standard Model
Recently, a few chosen-ciphertext secure (CCA2-secure) variants of the McEliece public-key encryption (PKE) scheme in the standard model were introduced. All the proposed schemes are based on encryption repetition paradigm and use general transformation from CPAsecure scheme to a CCA2-secure one. Therefore, the resulting encryption scheme needs separate encryption and has large key size compare...
متن کاملAn efficient IND-CCA2 secure Paillier-based cryptosystem
This paper proposes a provably secure transformation of Paillier cryptosystem into an IND-CCA2 secure one in random oracle model. Our construction exploits the randomness extractability of Paillier cryptosystem for achieving efficiency. Lastly, we compare this conversion with other generic and specific IND-CCA2 conversions in terms of computational overhead and efficiency.
متن کاملURDP: General Framework for Direct CCA2 Security from any Lattice-Based PKE Scheme
Design efficient lattice-based cryptosystem secure against adaptive chosen ciphertext attack (IND-CCA2) is a challenge problem. To the date, full CCA2-security of all proposed lattice-based cryptosystems achieved by using a generic transformations such as either strongly unforgeable one-time signature schemes (SU-OT-SS), or a message authentication code (MAC) and weak form of commitment. The dr...
متن کامل