Universal Re-encryption for Mixnets
ثبت نشده
چکیده
We introduce a new cryptographic technique that we call universal re-encryption. A conventional cryptosystem that permits re-encryption, such as ElGamal, does so only for a player with knowledge of the public key corresponding to a given ciphertext. In contrast, universal reencryption may be performed without knowledge of public keys. We demonstrate an asymmetric cryptosystem with universal re-encryption that is half as efficient as standard ElGamal in terms of both computation and storage. While technically and conceptually simple, universal re-encryption leads to new types of functionality in mixnet architectures. Conventional mixnets are often called upon to enable players to communicate with one another through channels that are externally anonymous, i.e., that hide information permitting traffic-analysis. Universal re-encryption permits a mixnet of this kind to be constructed in which servers hold no public or private keying material, and may therefore dispense with the cumbersome requirements of key generation, key distribution, and private-key management. We describe two practical mixnet constructions, one involving asymmetric input ciphertexts, and another with hybrid-ciphertext inputs.
منابع مشابه
Universal Re-encryption for Mixnets
We introduce a new cryptographic technique that we call universal re-encryption. A conventional cryptosystem that permits reencryption, such as ElGamal, does so only for a player with knowledge of the public key corresponding to a given ciphertext. In contrast, universal re-encryption can be done without knowledge of public keys. We propose an asymmetric cryptosystem with universal re-encryptio...
متن کاملReputable Mix Networks
We define a new type of mix network that offers a reduced form of robustness: the mixnet can prove that every message it outputs corresponds to an input submitted by a player without revealing which input (for honest players). We call mixnets with this property reputable mixnets. Reputable mixnets are not fully robust, because they offer no guarantee that distinct outputs correspond to distinct...
متن کاملAn Improved Construction for Universal Re-encryption
Golle et al recently introduced universal re-encryption, defining it as re-encryption by a player who does not know the key used for the original encryption, but which still allows an intended player to recover the plaintext. Universal re-encryption is potentially useful as part of many information-hiding techniques, as it allows any player to make ciphertext unidentifiable without knowing the ...
متن کاملSecret, verifiable auctions from elections
Auctions and elections are seemingly disjoint. Nevertheless, similar cryptographic primitives are used in both domains. For instance, mixnets, homomorphic encryption and trapdoor bit-commitments have been used by state-of-the-art schemes in both domains. These developments have appeared independently. For example, the adoption of mixnets in elections preceded a similar adoption in auctions by o...
متن کاملUniversally Verifiable Efficient Re-encryption Mixnet
Implementing a transparent audit process when an election is conducted by electronic means is of paramount importance. Universally verifiable mixnets are focused on providing such a property by means of cryptographic proofs verifiable by any auditor. While some of these systems require high amount of computing resources that make them inefficient for real elections, others proposals reduce the ...
متن کامل