Addition of ElGamal Plaintexts
نویسندگان
چکیده
We introduce an efficient method for performing computation on encrypted data, allowing addition of ElGamal encrypted plaintexts. We demonstrate a solution that is robust and leaks no information to a minority of colluding cheaters. Our focus is on a three-player solution, but we also consider generalization to a larger number of players. The amount of work is exponential in the number of players, but reasonable for small sets.
منابع مشابه
Cryptanalysis of an ElGamal-Like Cryptosystem for Enciphering Large Messages
In 2002, Hwang et al. propose an asymmetric cryptosystem in which a large message is broken into smaller plaintexts which are then encrypted efficiently. They claim that based on the assumption of the intractability of the discrete logarithm problem, their cryptosystem is secure in the sense that even knowing some pairs of plaintext-ciphertext does not allow an intruder to acquire other plainte...
متن کاملWhy Textbook ElGamal and RSA Encryption Are Insecure
We present an attack on plain ElGamal and plain RSA encryption. The attack shows that without proper preprocessing of the plaintexts, both ElGamal and RSA encryption are fundamentally insecure. Namely, when one uses these systems to encrypt a (short) secret key of a symmetric cipher it is often possible to recover the secret key from the ciphertext. Our results demonstrate that preprocessing me...
متن کاملEncoding-Free ElGamal Encryption Without Random Oracles
ElGamal encryption is the most extensively used alternative to RSA. Easily adaptable to many kinds of cryptographic groups, ElGamal encryption enjoys homomorphic properties while remaining semantically secure providing that the DDH assumption holds on the chosen group. Its practical use, unfortunately, is intricate: plaintexts have to be encoded into group elements before encryption, thereby re...
متن کاملEfficient Zero-Knowledge Argument for Correctness of a Shuffle
Mix-nets are used in e-voting schemes and other applications that require anonymity. Shuffles of homomorphic encryptions are often used in the construction of mix-nets. A shuffle permutes and reencrypts a set of ciphertexts, but as the plaintexts are encrypted it is not possible to verify directly whether the shuffle operation was done correctly or not. Therefore, to prove the correctness of a ...
متن کاملOn Chosen Ciphertext Security of Multiple Encryptions
We consider the security of multiple and possibly related plaintexts in the context of a chosen ciphertext attack. That is the attacker in addition and concurrently to obtaining encryptions of multiple plaintexts under the same key, may issue encryption and decryption queries and partial information queries. Loosely speaking, an encryption scheme is considered secure under such attacks if all t...
متن کامل