Paper 2011/109

Secure Blind Decryption

Matthew Green


In this work we construct public key encryption schemes that admit a protocol for /blindly/ decrypting ciphertexts. In a blind decryption protocol, a user with a ciphertext interacts with a secret keyholder such that the user obtains the decryption of the ciphertext and the keyholder learns nothing about what it decrypted. While we are not the first to consider this problem, previous works provided only weak security guarantees against malicious users. We provide, to our knowledge, the first practical blind decryption schemes that are secure under a strong CCA security definition. We prove our construction secure in the standard model under simple, well-studied assumptions in bilinear groups. To motivate the usefulness of this primitive we discuss several applications including privacy-preserving distributed file systems and Oblivious Transfer schemes that admit /public/ contribution.

Note: This full version contains a significantly more detailed explanation of constructions, detailed proofs of security, and an extended applications section. It also corrects a typographical error in the F-signature construction.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. This is a full version of a paper that appears in the proceedings of PKC 2011.
public-key encryptionprivacy-preserving protocolssignaturesbilinear maps
Contact author(s)
matthewdgreen @ gmail com
2011-03-05: received
Short URL
Creative Commons Attribution


      author = {Matthew Green},
      title = {Secure Blind Decryption},
      howpublished = {Cryptology ePrint Archive, Paper 2011/109},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.