Paper 2015/990

Encryption Switching Protocols

Geoffroy Couteau, Thomas Peters, and David Pointcheval


We put forth a novel cryptographic primitive: encryption switching protocol (ESP), allowing to switch between two encryption schemes. Intuitively, this two-party protocol converts given ciphertexts from one scheme into ciphertexts of the same messages in the other scheme, for any polynomial number of switches, in any direction. Although ESP is a special kind of two-party computation protocol, it turns out that ESP implies general two-party computation under natural conditions. In particular, our new paradigm is tailored to the evaluation of functions over rings. Indeed, assuming the compatibility of two additively and multiplicatively homomorphic encryption schemes, switching ciphertexts makes it possible to efficiently reconcile the two internal laws. Since no such pair of schemes appeared in the literature, except for the non-interactive case of fully homomorphic encryption which still remains prohibitive in practice, we build the first ElGamal-like encryption scheme over (Zn;x) as a complement to the Paillier encryption scheme over (Zn;+), where n is a strong RSA modulus. Eventually, we also instantiate secure ESP between the two schemes, in front of malicious adversaries. Thanks to a pre-processing step, we manage to get an online communication in terms of group elements which neither depends on the security parameter nor on the modulus n. This makes use of a new technique called refreshable twin-ciphertext pool that is of independent interest.

Available format(s)
Public-key cryptography
Publication info
A major revision of an IACR publication in CRYPTO 2016
two-party computationhomomorphic encryptionmalicious adversaryzero-knowledge proof
Contact author(s)
geoffroy couteau @ ens fr
2016-12-23: last of 2 revisions
2015-10-13: received
See all versions
Short URL
Creative Commons Attribution


      author = {Geoffroy Couteau and Thomas Peters and David Pointcheval},
      title = {Encryption Switching Protocols},
      howpublished = {Cryptology ePrint Archive, Paper 2015/990},
      year = {2015},
      doi = {10.1007/978-3-662-53018-4_12},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.