Abstract
Many privacy-preserving blockchain and e-voting systems are based on the modified ElGamal scheme (plaintexts encoded in the exponent), which supports homomorphic addition of encrypted values. Decryption then yields the plaintext only as a discrete logarithm, so for practicality it relies on precomputed discrete-log (dlog) lookup tables combined with algorithms such as Shanks's baby-step giant-step and Pollard's kangaroo. We extend the Shanks approach, the most commonly used method in practice thanks to its determinism and simplicity, with a truncated lookup table strategy that speeds up decryption and reduces memory requirements. The precomputation phase carries significant overhead, but it can be parallelized and is paid only once. As a starting point, we evaluate our solution on the widely used secp family of elliptic curves and show a 7x–14x storage reduction, depending on the group size. Our algorithm can be imported directly into existing systems, especially those where the range of encrypted values is known, such as the Zether, PGC and Solidus protocols.
Notes
1. Similar compression techniques are also discussed in [3], but our work focuses on collision-free tables per group, so that table lookups never yield false positives.
2. We assume the binary representation of \(g^x\) behaves as if random; if g has some special structure, a hash function can be applied to the encoding first.
3. Note that the cost of a hashmap lookup is insignificant compared to an elliptic curve (EC) point addition (about 40 times cheaper in our implementation), while a scalar-to-EC-point multiplication with the double-and-add method is around 32 times more expensive than an EC point addition for small 32-bit scalars.
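The following Python sketch is an added example, not the paper's code or its published secp256r1 table. It puts the abstract and footnotes together in one runnable piece: exponential EC-ElGamal with homomorphic ciphertext addition, a baby-step table that stores only a truncated hash of each baby step (widened and rebuilt until it is collision-free, as footnote 1 requires), and a giant-step decryption loop. Everything concrete here is this example's own choice: a toy curve y^2 = x^3 + 7 over F_p with p = 2^61 - 1 (not a standard secp curve), affine arithmetic with double-and-add scalar multiplication, SHA-256 as the hash from footnote 2, an initial 2-byte key width, a plaintext range of [0, 2^20), and a final scalar-multiplication check on every table hit, since a point outside the table can still share a truncated key with a baby step.

```python
"""Added example (not the paper's code): small-range EC dlog by baby-step
giant-step over a truncated (hash-compressed) baby-step table. Toy curve
y^2 = x^3 + 7 over F_p, p = 2^61 - 1; all parameters are constructed."""
import hashlib
from math import isqrt

P = (1 << 61) - 1   # Mersenne prime with P % 4 == 3, so sqrt(a) = a^((P+1)/4)
B = 7               # curve constant (same equation shape as secp256k1, toy field)

def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + B over F_P; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                  # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P       # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_neg(pt):
    return None if pt is None else (pt[0], (-pt[1]) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (the cost model of footnote 3)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def find_generator():
    """Smallest x with x^3 + B a nonzero square; y from the (P+1)/4 exponent."""
    x = 1
    while True:
        rhs = (x ** 3 + B) % P
        y = pow(rhs, (P + 1) // 4, P)
        if rhs and y * y % P == rhs:
            return (x, y)
        x += 1

G = find_generator()   # constructed base point; assumed to have order far above N

def truncated_key(pt, nbytes):
    """Table key: first nbytes of SHA-256 over the point encoding (footnote 2)."""
    enc = pt[0].to_bytes(8, "big") + pt[1].to_bytes(8, "big")
    return hashlib.sha256(enc).digest()[:nbytes]

def build_table(m, nbytes=2):
    """Baby steps j*G, 1 <= j < m, as truncated key -> j. On any key collision
    widen the key and rebuild, so the finished table is collision-free."""
    while True:
        table, pt = {}, G
        for j in range(1, m):
            key = truncated_key(pt, nbytes)
            if key in table:
                break                                     # collision: widen key
            table[key] = j
            pt = ec_add(pt, G)
        else:
            return table, nbytes
        nbytes += 1

def dlog(Q, N, table, nbytes, m):
    """x in [0, N) with Q = x*G, else None. Giant steps walk Q - i*m*G; a hit
    is only a candidate until one scalar multiplication confirms it."""
    neg_mG = ec_neg(ec_mul(m, G))
    cur = Q
    for i in range((N + m - 1) // m):
        j = 0 if cur is None else table.get(truncated_key(cur, nbytes))
        if j is not None:
            x = i * m + j
            if x < N and ec_mul(x, G) == Q:
                return x
        cur = ec_add(cur, neg_mG)
    return None

def encrypt(pk, msg, r):
    """Exponential ElGamal: (r*G, msg*G + r*pk). Ciphertexts add componentwise."""
    return (ec_mul(r, G), ec_add(ec_mul(msg, G), ec_mul(r, pk)))

def ct_add(c, d):
    return (ec_add(c[0], d[0]), ec_add(c[1], d[1]))

def decrypt(sk, c, N, table, nbytes, m):
    # strip the mask to get msg*G, then solve the small dlog with the table
    return dlog(ec_add(c[1], ec_neg(ec_mul(sk, c[0]))), N, table, nbytes, m)

if __name__ == "__main__":
    N = 1 << 20                      # known plaintext range [0, 2^20)
    m = isqrt(N - 1) + 1             # ceil(sqrt(N)) baby steps
    table, nbytes = build_table(m)
    sk, pk = 123456789, ec_mul(123456789, G)
    c = ct_add(encrypt(pk, 700_000, 11), encrypt(pk, 300_123, 22))
    print(f"{nbytes}-byte keys; sum decrypts to {decrypt(sk, c, N, table, nbytes, m)}")
```

The storage saving comes from the key width: each entry holds a few bytes of hash plus the index j instead of a full point encoding, and the rebuild-on-collision loop is the one-off precomputation cost the abstract refers to. The confirming scalar multiplication in `dlog` is this example's defence against a non-table point sharing a truncated key; it only runs on a hit, so with a collision-free table it is paid essentially once per decryption.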
References
Cube-root discrete-logarithm algorithms for secure groups. http://cr.yp.to/dlog/cuberoot.html
libPGC: a C++ library for the Pretty Good Confidential transaction system. https://github.com/yuchen1024/libPGC/tree/master/PGC_openssl/PGC
Bernstein, D.J., Lange, T.: Computing small discrete logarithms faster. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 317–338. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34931-7_19
Bernstein, D.J., Lange, T.: Two grumpy giants and a baby. Cryptology ePrint Archive, Report 2012/294 (2012). http://eprint.iacr.org/2012/294
Blake, I.F., Murty, V.K., Xu, G.: A note on window τ-NAF algorithm. Inf. Process. Lett. 95(5), 496–502 (2005)
Bünz, B., Agrawal, S., Zamani, M., Boneh, D.: Zether: towards privacy in a smart contract world. In: Bonneau, J., Heninger, N. (eds.) FC 2020. LNCS, vol. 12059, pp. 423–443. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-51280-4_23
Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: IEEE S&P (2018)
Cecchetti, E., Zhang, F., Ji, Y., Kosba, A.E., Juels, A., Shi, E.: Solidus: confidential distributed ledger transactions via PVORM. In: ACM CCS 2017 (2017)
Chatzigiannis, P.: Compressed small discrete-log table python code and secp256r1 precomputed table. https://github.com/PanosChtz/Homomorphic-DLog-lookup-tables
Chen, Yu., Ma, X., Tang, C., Au, M.H.: PGC: decentralized confidential payment system with auditability. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds.) ESORICS 2020. LNCS, vol. 12308, pp. 591–610. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-58951-6_29
Fauzi, P., Meiklejohn, S., Mercer, R., Orlandi, C.: Quisquis: a new design for anonymous cryptocurrencies. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11921, pp. 649–678. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34578-5_23
Galbraith, S.D., Gaudry, P.: Recent progress on the elliptic curve discrete logarithm problem. Des. Codes Cryptogr. 78(1), 51–72 (2015). https://doi.org/10.1007/s10623-015-0146-7
Galbraith, S.D., Wang, P., Zhang, F.: Computing elliptic curve discrete logarithms with improved baby-step giant-step algorithm. Cryptology ePrint Archive, Report 2015/605 (2015). http://eprint.iacr.org/2015/605
Mavroudis, V.: Computing small discrete logarithms using optimized lookup tables (2015). UCSB, Koç Lab
Peng, K., Aditya, R., Boyd, C., Dawson, E., Lee, B.: Multiplicative homomorphic e-voting. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 61–72. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30556-9_6
Pollard, J.M.: Monte Carlo methods for index computation mod \(p\). Math. Comput. 32, 918–924 (1978)
Pollard, J.M.: Kangaroos, monopoly and discrete logarithms. J. Cryptol. 13(4), 437–447 (2000). https://doi.org/10.1007/s001450010010
Shanks, D.: Five number-theoretic algorithms (1973)
Ugus, O., Hessler, A., Westhoff, D.: Performance of additive homomorphic EC-ElGamal encryption for TinyPEDS. 6. Fachgespräch Sensornetzwerke (2007)
© 2022 Springer Nature Switzerland AG
Cite this paper
Chatzigiannis, P., Chalkias, K., Nikolaenko, V. (2022). Homomorphic Decryption in Blockchains via Compressed Discrete-Log Lookup Tables. In: Garcia-Alfaro, J., Muñoz-Tapia, J.L., Navarro-Arribas, G., Soriano, M. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2021 2021. Lecture Notes in Computer Science(), vol 13140. Springer, Cham. https://doi.org/10.1007/978-3-030-93944-1_23
DOI: https://doi.org/10.1007/978-3-030-93944-1_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-93943-4
Online ISBN: 978-3-030-93944-1