STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Cryptographic Counters and Applications to Electronic Voting
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Mix and Match: Secure Function Evaluation via Ciphertexts
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A secure and optimally efficient multi-authority election scheme
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
A threshold cryptosystem without a trusted party
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Proving in zero-knowledge that a number is the product of two safe primes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Protocol completion incentive problems in cryptographic Vickrey auctions
Electronic Commerce Research
| Hi-index | 0.00 |
The paper presents a new protocol for counting 1-bit secrets without revealing if the bit is 1 or 0 in publicly verifiable way. Other than the conventional multi-party protocols that involve enormous number of rounds and huge bandwidth consumption, the proposed protocol, based on the Mix and Match approach [2] in which computations are dealt with ciphertexts, requires a non-interactive constant number of round and simple but verifiable computation for both of sender and counter. The expected application of proposed protocol is an (one-bit) secret voting in which voters cast a ballot encrypted by a public key and an oblivious party (counter) makes a tally of how many votes are polled. The final tally is represented as a k-digit binary register consisting of k ciphertexts that only collaboration of distributed authorities can decrypt. Opening only the MSB of ciphtertexts allows us to see if more than half voters cast "Yes" or not without revealing the details of total number. The cost for opening is O(log n), where n is a number of voters. With the proof of knowledge, voters can prove that the vote is either 1 or 0 without revealing their privacy. The proposed protocol is universally verifiable because any third party can verify that voters, a counter and administrators do not violate the protocol. The protocol is robust against up to a constant number of malicious administrators using standard threshold scheme.