100 likes | 220 Views
Paillier Threshold Encryption WebService. by Brett Wilson. Paillier Encryption. Trapdoor Discrete Logarithm Scheme c = g M r n mod n 2 n is an RSA modulus g is an integer of order n α mod n 2 r is a random number in Z n * M = L(c λ (n) mod n 2 )/L(g λ (n) mod n 2 ) mod n
E N D
Paillier Threshold Encryption WebService by Brett Wilson
Paillier Encryption • Trapdoor Discrete Logarithm Scheme • c = gMrn mod n2 • n is an RSA modulus • g is an integer of order nα mod n2 • r is a random number in Zn* • M = L(cλ(n) mod n2)/L(gλ(n) mod n2) mod n • L(u) = (u-1)/n, λ(n)=lcm((p-1)(q-1)) • Important Properties • Homomorphic • E(M1 + M2) = E(M1) x E(M2), E(k x M) = E(M)k • Self-blinding • Re-encryption with a different r doesn’t change M
Threshold Encryption • Public key encryption as usual • Distribute secret key “shares” among i participants • Decryption can only be accomplished if a threshold number t of the i participants cooperate • No information about m can be obtained with less than t participants cooperating
Threshold Paillier Encryption • Different public key and secret key generation algorithm • Distribute secret key shares using Shamir Secret Sharing scheme • “Sharing Decryption in the Context of Voting or Lotteries” Fouque, Poupard, and Stern 2000
Threshold Paillier Encryption WebService • Key generation algorithm • Input • k – size of key • l – number of shares to generate • One RSA public key (of the designated participant) for each share • t – threshold parameter • Output • Public Key PK • List SK1, …, SKl of private key shares • Encrypted with supplied RSA keys so only designated participant can recover the key share • List of Verifier Keys VK, VK1, …,VKl
Threshold Paillier Encryption WebService • Encryption Algorithm • Input • Public Key PK • Random string r • Cleartext M • Output • Ciphertext c
Threshold Paillier Encryption WebService • Share Decryption Algorithm • Input • Ciphertext c • Private Key Share Ski • Encrypted with public key of webservice • Output • Decryption share ci • Validity proof pi
Threshold Paillier Encryption WebService • Combining Algorithm • Input • Ciphertext c • List of decryption shares c1,…,cl • List of verification keys VK, VK1…VKl • List of validity proofs P1,…Pl • Output • M
Use of WebService in Secure Voting • Ballot format: pick 1 out of c candidates • Vote = 2c*log2v where c is the desired candidate number (0…c) and v is the next power of 2 greater than the maximum number of voters • All Paillier-encrypted votes could be publicly posted • At end of election, all encrypted votes could be multiplied together (publicly verifiable) • With cooperation of the required threshold number of “authorities”, the final product could be decrypted to reveal the vote total (sum of individual votes). • A threshold number of authorities would not agree to decrypt a single particular vote, and thus the individual votes would remain private • All computations are publicly verifiable given the validity proofs
Implementation Tools • Visual Studio 2005 • VB.NET • Gnu Multiprecision Library (Gmp) • Open source arbitrary precision numeric library • Compiled under Visual Studio 2005 • NGmp • Open source VB.NET binding of gmp.dll • Enables calling of gmp library functions through VB.NET • Compiled under Visual Studio 2005