Download presentation
Presentation is loading. Please wait.
1
Paillier Threshold Encryption WebService by Brett Wilson
2
Paillier Encryption Trapdoor Discrete Logarithm Scheme c = g M r n mod n 2 c = g M r n mod n 2 n is an RSA modulus n is an RSA modulus g is an integer of order nα mod n 2 g is an integer of order nα mod n 2 r is a random number in Z n * r is a random number in Z n * M = L(c λ(n) mod n 2 )/L(g λ(n) mod n 2 ) mod n M = L(c λ(n) mod n 2 )/L(g λ(n) mod n 2 ) mod n L(u) = (u-1)/n, λ(n)=lcm((p-1)(q-1)) L(u) = (u-1)/n, λ(n)=lcm((p-1)(q-1)) Important Properties Homomorphic Homomorphic E(M 1 + M 2 ) = E(M 1 ) x E(M 2 ), E(k x M) = E(M) k E(M 1 + M 2 ) = E(M 1 ) x E(M 2 ), E(k x M) = E(M) k Self-blinding Self-blinding Re-encryption with a different r doesn’t change M
3
Threshold Encryption Public key encryption as usual Distribute secret key “shares” among i participants Decryption can only be accomplished if a threshold number t of the i participants cooperate No information about m can be obtained with less than t participants cooperating No information about m can be obtained with less than t participants cooperating
4
Threshold Paillier Encryption Different public key and secret key generation algorithm Different public key and secret key generation algorithm Distribute secret key shares using Shamir Secret Sharing scheme Distribute secret key shares using Shamir Secret Sharing scheme “Sharing Decryption in the Context of Voting or Lotteries” Fouque, Poupard, and Stern 2000 “Sharing Decryption in the Context of Voting or Lotteries” Fouque, Poupard, and Stern 2000
5
Threshold Paillier Encryption WebService Key generation algorithm Key generation algorithm Input Input k – size of key k – size of key l – number of shares to generate l – number of shares to generate One RSA public key (of the designated participant) for each share One RSA public key (of the designated participant) for each share t – threshold parameter t – threshold parameter Output Output Public Key PK Public Key PK List SK 1, …, SK l of private key shares List SK 1, …, SK l of private key shares Encrypted with supplied RSA keys so only designated participant can recover the key share Encrypted with supplied RSA keys so only designated participant can recover the key share List of Verifier Keys VK, VK 1, …,VK l List of Verifier Keys VK, VK 1, …,VK l
6
Threshold Paillier Encryption WebService Encryption Algorithm Input Input Public Key PK Public Key PK Random string r Random string r Cleartext M Cleartext M Output Output Ciphertext c Ciphertext c
7
Share Decryption Algorithm Input Input Ciphertext c Ciphertext c Private Key Share Sk i Private Key Share Sk i Encrypted with public key of webservice Encrypted with public key of webservice Output Output Decryption share c i Decryption share c i Validity proof p i Validity proof p i Threshold Paillier Encryption WebService
8
Combining Algorithm Input Input Ciphertext c Ciphertext c List of decryption shares c 1,…,c l List of decryption shares c 1,…,c l List of verification keys VK, VK 1 …VK l List of verification keys VK, VK 1 …VK l List of validity proofs P 1,…P l List of validity proofs P 1,…P l Output Output M
9
Use of WebService in Secure Voting Ballot format: pick 1 out of c candidates Vote = 2 c*log 2 v where c is the desired candidate number (0…c) and v is the next power of 2 greater than the maximum number of voters Vote = 2 c*log 2 v where c is the desired candidate number (0…c) and v is the next power of 2 greater than the maximum number of voters All Paillier-encrypted votes could be publicly posted At end of election, all encrypted votes could be multiplied together (publicly verifiable) With cooperation of the required threshold number of “authorities”, the final product could be decrypted to reveal the vote total (sum of individual votes). A threshold number of authorities would not agree to decrypt a single particular vote, and thus the individual votes would remain private A threshold number of authorities would not agree to decrypt a single particular vote, and thus the individual votes would remain private All computations are publicly verifiable given the validity proofs All computations are publicly verifiable given the validity proofs
10
Implementation Tools Visual Studio 2005 VB.NET VB.NET Gnu Multiprecision Library (Gmp) Open source arbitrary precision numeric library Open source arbitrary precision numeric library Compiled under Visual Studio 2005 Compiled under Visual Studio 2005NGmp Open source VB.NET binding of gmp.dll Open source VB.NET binding of gmp.dll Enables calling of gmp library functions through VB.NET Enables calling of gmp library functions through VB.NET Compiled under Visual Studio 2005 Compiled under Visual Studio 2005
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.