Shared decryption

This subprotocol implements the MPC of an ElGamal scheme.

We use the following simple version of ElGamal:

The cleartext MM is an element of the cryptographic group EE with qq points with DDH assumption, X=xGX = xG is a public key of a recipient. Then, sender creates the cyphertext (C=M+kP,K=kG)(C = M + kP, K = kG), where kRZqk \in_R \mathbb{Z}_q.

In order to decrypt, the recipient calculates M=CxKM = C - xK.


Now, consider the recipient which is an MPC with nn parties, and assume they have a Zq\mathbb{Z}_q-shared private key [x][x]. Naturally, they can obtain the shared-over-group value [M]E=C[x]K[M]_E = C - [x]K.

As a last step, they use conversion described in sharing over groups to obtain coordinate-wise representation of the message MM.

results matching ""

    No results matching ""