Zero-Knowledge proofs for valid decryption !!
Helger Lipmaa
helger at tml.hut.fi
Mon Jul 9 09:50:20 EDT 2001
One reference out of my mind is:
* Yevgeniy Dodis, Shaih Halevi and Tal Rabin, "A Cryptographic Solution
to a Game Theoretic Problem" , CRYPTO 2000.
http://www.toc.lcs.mit.edu/~yevgen/ps/game-abs.html
(See Appendix A, esp A.1, and references therein)
Helger Lipmaa
http://www.tcs.hut.fi/~helger/
On Mon, 9 Jul 2001, Emmanouil Magkos wrote:
> There is a list of encrypted messages, published on a bulletin board. Rackel
> and only Rackel can decrypt this messages. Encryption is probabilistic, for
> instance ElGamal: E(m)=(g^r, h^r m), where h=g^s with {s} be the private
> key of Racel and {r} be a randomness chosen by the sender.
>
> Rackel decrypts E(m_1), E(m_2), E(m_3), and publish the decrypted results in
> random order, say (m_2, m_1, m_3). Is there a way for Rackel to prove that
> the list of m_i contains only correct open values of the list of E(m_i),
> without revealing:
>
> 1) the linkage between [E(m_i), m_i]
> 2) the private decryption key s
>
> (note that she doesn't know the randomness {r})
>
> Does anybody know whether there exists such solution ??.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list