International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Practical Verifiable Encryption and Decryption of Discrete Logarithms

Authors:
Jan Camenisch
Victor Shoup
Download:
URL: http://eprint.iacr.org/2002/161
Search ePrint
Search Google
Abstract: This paper presents a variant of the new public key encryption of Cramer and Shoup based on Paillier's decision composite residuosity assumption, along with an efficient protocol for verifiable encryption of discrete logarithms. This is the first verifiable encryption system that provides chosen ciphertext security and avoids inefficient cut-and-choose proofs. This has numerous applications, including fair exchange and key escrow. We also present efficient protocols for verifiable decryption, which has applications to, e.g., confirmer signatures. The latter protocols build on a new protocol for proving whether or not two discrete logarithms are equal that is of independent interest. Prior such protocols were either inefficient or not zero-knowledge.
BibTeX
@misc{eprint-2002-11684,
  title={Practical  Verifiable Encryption and Decryption of Discrete Logarithms},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols /},
  url={http://eprint.iacr.org/2002/161},
  note={extented abstract in Crypto 2003 jca@zurich.ibm.com 12289 received 1 Nov 2002, last revised 25 Aug 2003},
  author={Jan Camenisch and Victor Shoup},
  year=2002
}