Information Technology Reference
In-Depth Information
over
. Protocol 1 (see fig. 1) starts with the combination of the received share-
shares of
α
to a share of it. Then every player computes and broadcasts a share
of
e
α
over
S
. Now each player
P
i
is able to compute a share of
c
2
by multiplying
his share of
k
by
e
α
. Furthermore, he sends
c
1
to
P
S
.Aresharingof
c
2
results in
c
2
shared over
. First we have to proof, that any value
z
that is shared over
x
players can be reshared over a set of
y
players without reconstructing
z
:
S
Proof (of Correctness (xy-Resharing)).
x
x
y
y
x
y
λ
z
λ
z
i
λ
z
λ
z
λ
z
i
λ
z
i
0
,j
z
i
·
0
,i
=
z
ij
·
0
,j
·
0
,i
=
z
ji
·
0
,i
·
0
,j
=
z
j
·
(1)
i
=1
i
=1
j
=1
j
=1
i
=1
j
=1
· c
−d
1
input:
(
S
1
[
c
1
,c
21
]
,...,S
m
[
c
1
,c
2
m
]
,E
1
[
d
1
]
,...,E
n
[
d
n
])
MPC:
c
2
output:
(
E
1
[
k
1
]
,...,E
n
[
k
n
])
l.1
for all
i ∈{
1
,...,m}
do
// decryption stage 1 (
S
&
E
)+
l.2
S
i
:
c
2
i
→
(
c
2
i
1
,...,c
2
i
n
)
l.3
send
(
S
i
[
c
1
,c
2
i
1
,...,c
2
i
n
])
→
(
E
1
[
c
1
,c
2
i
1
]
,...,E
n
[
c
1
,c
2
i
n
])
l.4
for all
i ∈{
1
,...,n}
do
// decryption stage 2 (
E
)+
2
i
=
j
=1
c
2
j
i
· λ
c
2
i
E
i
:
c
1
i
=
c
d
1
,
l.5
0
,j
send
(
E
i
[
c
1
i
])
(
E
1
[
c
1
i
]
,...,E
n
[
c
1
i
])
l.6
→
l.7
for all
i ∈{
1
,...,n}
do
// decryption stage 3 (
E
)+
(
j
=1
c
1
j
λ
0
,j
)
−
1
,
E
i
:
k
i
=
c
2
i
·
i
(
k
i
1
,...,k
in
)
l.8
→
send
(
E
i
[
k
i
1
,...,k
in
])
(
E
1
[
k
i
1
]
,...,E
n
[
k
in
])
l.9
→
l.10
for all
i ∈{
1
,...,n}
do
// decryption stage 4 (
E
)+
E
i
:
k
i
=
j
=1
k
ji
· λ
k
i
l.11
0
,j
Fig. 1.
Multi-Party Protocol 1: Distributed ElGamal Encryption
A proof of correctness of protocol 1 can be given referring to the proof of xy-
Resharing and the lines of the encryption protocol:
Proof (of Correctness (Multi-Party Protocol 1)).
l
m
l
(
1
=
c
λ
0
,i
1
i
l.
=
l.
=
g
α
,
λ
c
0
,i
c
2
i
·
λ
k
0
,i
c
1
2
=
c
2
i
·
i
=1
i
=1
i
=1
⎛
⎞
l
l
l
e
λ
0
,j
j
l.
=
l.
=
⎝
⎠
·
λ
k
0
,i
λ
k
e
α
=
k
e
α
k
i
·
k
i
·
0
,i
·
·
i
=1
j
=1
i
=1