Paper 2021/899
Homomorphic decryption in blockchains via compressed discrete-log lookup tables
Panagiotis Chatzigiannis, Konstantinos Chalkias, and Valeria Nikolaenko
Abstract
Many privacy preserving blockchain and e-voting systems are based on the modified ElGamal scheme that supports homomorphic addition of encrypted values. For practicality reasons though, decryption requires the use of precomputed discrete-log (dlog) lookup tables along with algorithms like Shanks's baby-step giant-step and Pollard's kangaroo. We extend the Shanks approach as it is the most commonly used method in practice due to its determinism and simplicity, by proposing a truncated lookup table strategy to speed up decryption and reduce memory requirements. While there is significant overhead at the precomputation phase, these costs can be parallelized and only paid once and for all. As a starting point, we evaluated our solution against the widely-used secp family of elliptic curves and show that we can achieve storage reduction by 7x-14x, depending on the group size. Our algorithm can be immediately imported to existing works, especially when the range of encrypted values is known, such as in Zether, PGC and Solidus protocols.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Published elsewhere. Minor revision. CBT workshop 2021 (ESORICS)
- Keywords
- discrete logElGamalhomomorphic encryptionprecomputation
- Contact author(s)
-
kostascrypto @ fb com
pchatzig @ gmu edu
chalkiaskostas @ gmail com - History
- 2021-07-01: received
- Short URL
- https://ia.cr/2021/899
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/899,
author = {Panagiotis Chatzigiannis and Konstantinos Chalkias and Valeria Nikolaenko},
title = {Homomorphic decryption in blockchains via compressed discrete-log lookup tables},
howpublished = {Cryptology {ePrint} Archive, Paper 2021/899},
year = {2021},
url = {https://eprint.iacr.org/2021/899}
}
