Cryptography Reference
In-Depth Information
The Paillier decryption function is then the following:
> PaillierDec := proc(privatekey::list, c::posint)
local n, f, t;
n := privatekey[1];
f := privatekey[2];
t := ((Power(c, f) mod nˆ2)-1)/n;
t/f mod n
end proc:
Example 8.19
Let us give a demonstration of how the Paillier scheme may be used
to count votes without decrypting them. We first generate a key with a 2048-bit
modulus, as well as the corresponding public and private keys (we do not print the
keys since they occupy a lot of space):
> k := PaillierKeyGen(1024, 4618020429552270915383923244723480121751,
7941027567146469878024854357212755780318):
pk := k[1]:
sk := k[2]:
Suppose now that there are 100 voters and that the votes are members of the
following list which, for convenience, is pseudo-randomly generated here (but note
that this list would not be compiled nor needed in the actual implementation of the
voting protocol):
> BG := RandomTools:-BlumBlumShub:-NewBitGenerator(123456, numbits=100, primes=1024);
votes := [BG()]:
The list of encrypted votes is then the following (again, we do not print it since it
would take many pages):
> cvotes := PaillierEnc
∼
(pk, votes):
The product ciphertext which is given to the authority is:
> pvotes := mul(i, i = cvotes) mod pkˆ2;
33373495097499325915652242445390097920992216387002790039506058043211023308890366\
61973116181282367679[...1033 digits...]9804755442993544847706326122083948527269\
799100397311881066559469905000430758471854402785188619945551
The authority obtains the vote total by decrypting the product ciphertext:
> PaillierDec(sk, pvotes);
44
Now, we step outside the protocol and make use of the list of votes to check that
the result obtained by the authority is correct:
> ListTools:-Occurrences(1, votes);
44
8.9 Final Remarks on Public-Key Encryption
We close this chapter by brieflymentioning two important areas inmodern cryptogra-
phywhich are currently undergoing fast development: fully homomorphic encryption
and lattice-based cryptography.
