A mix-net from any CCA2 secure cryptosystem
Advances in Cryptology–ASIACRYPT 2012: 18th International Conference on the …, 2012•Springer
We construct a provably secure mix-net from any CCA2 secure cryptosystem. The mix-net is
secure against active adversaries that statically corrupt less than λ out of k mix-servers,
where λ is a threshold parameter, and it is robust provided that at most min (λ− 1, k− λ) mix-
servers are corrupted. The main component of our construction is a mix-net that outputs the
correct result if all mix-servers behaved honestly, and aborts with probability 1− O (H−(t− 1))
otherwise (without disclosing anything about the inputs), where t is an auxiliary security …
secure against active adversaries that statically corrupt less than λ out of k mix-servers,
where λ is a threshold parameter, and it is robust provided that at most min (λ− 1, k− λ) mix-
servers are corrupted. The main component of our construction is a mix-net that outputs the
correct result if all mix-servers behaved honestly, and aborts with probability 1− O (H−(t− 1))
otherwise (without disclosing anything about the inputs), where t is an auxiliary security …
Abstract
We construct a provably secure mix-net from any CCA2 secure cryptosystem. The mix-net is secure against active adversaries that statically corrupt less than λ out of k mix-servers, where λ is a threshold parameter, and it is robust provided that at most min (λ − 1,k − λ) mix-servers are corrupted.
The main component of our construction is a mix-net that outputs the correct result if all mix-servers behaved honestly, and aborts with probability 1 − O(H − (t − 1)) otherwise (without disclosing anything about the inputs), where t is an auxiliary security parameter and H is the number of honest parties. The running time of this protocol for long messages is roughly 3t c, where c is the running time of Chaum’s mix-net (1981).
Springer
以上显示的是最相近的搜索结果。 查看全部搜索结果