In this paper we consider the problem of how non-malleability can be guaranteed in the submission phase and still allow the servers to start their computation with ciphertexts of the appropriate homomorphic cryptosystem. This can clearly be achieved using general techniques, but we would like a solution which is: (1) provably secure under standard assumptions, (2) non-interactive for the submitting parties, (3) very efficient for all parties in terms of computation and communication.
We give the first solution to this problem which has all these properties. Our solution is surprisingly simple and can be based on various Cramer-Shoup cryptosystems. To capture its security properties we introduce a variation of CCA2-security.Category / Keywords: protocols, CCA2-security, mix-net Date: received 31 Jul 2006, last revised 1 Oct 2007 Contact author: dog at csc kth se Available format(s): PDF | BibTeX Citation Note: We prove somewhat stronger results and illustrate the use of submission secure augmented cryptosystem explicitly. Version: 20071001:214058 (All versions of this report) Short URL: ia.cr/2006/259 Discussion forum: Show discussion | Start new discussion