Paper 2002/161

Practical Verifiable Encryption and Decryption of Discrete Logarithms

Jan Camenisch and Victor Shoup

Abstract

This paper presents a variant of the new public key encryption of Cramer and Shoup based on Paillier's decision composite residuosity assumption, along with an efficient protocol for verifiable encryption of discrete logarithms. This is the first verifiable encryption system that provides chosen ciphertext security and avoids inefficient cut-and-choose proofs. This has numerous applications, including fair exchange and key escrow. We also present efficient protocols for verifiable decryption, which has applications to, e.g., confirmer signatures. The latter protocols build on a new protocol for proving whether or not two discrete logarithms are equal that is of independent interest. Prior such protocols were either inefficient or not zero-knowledge.

Metadata
Available format(s)
PDF PS
Category
Cryptographic protocols
Publication info
Published elsewhere. extented abstract in Crypto 2003
Contact author(s)
jca @ zurich ibm com
History
2003-08-25: last of 2 revisions
2002-11-01: received
See all versions
Short URL
https://ia.cr/2002/161
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2002/161,
      author = {Jan Camenisch and Victor Shoup},
      title = {Practical  Verifiable Encryption and Decryption of Discrete Logarithms},
      howpublished = {Cryptology {ePrint} Archive, Paper 2002/161},
      year = {2002},
      url = {https://eprint.iacr.org/2002/161}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.