Ronald Cramer, Rosario Gennaro, and Berry Schoenmakers. A Secure and Optimally Efficient Multi-Authority Election Scheme. In Walter Fumy, editor, Advances in Cryptology --- EUROCRYPT '97, volume 1233 of Lecture Notes in Computer Science, pages 103--118, Konstanz, Germany, 11--15 May 1997. Springer-Verlag.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....After that, we propose a general model for cryptographic protocols that involve social or financial choices (e.g. voting or auctions) In this model one can implement any function from class PD (e.g. maximum finding in the case of auctions) by using subquadratic length interaction. As [CGS97,DJ01,LAN02], our model uses a certain encoding function enc together with a homomorphic public key cryptosystem. Finally, we propose a few alternative constructions for the encoding function. Until now, one has mostly used the function enc(n) a , where a is an a priori fixed upper limit on the number ....

....predicate [y = f(x) belongs to PD. As we have shown, extremely efficient arguments are available when f 2 L 2 . It is not known how to implement as efficiently so many different schemes for such a broad variety of functions f in the model that involves threshold trust but no third party like in [CGS97,DJ01]. In particular, no really efficient (b 1)st price auctions are known in the threshold trust scenario. Efficient Range Arguments in Exponents. The costliest part of the otherwise efficient voting protocol of [DJ01] involves an argument for AK(y = EK (enc( 2 [0; h] that is necessary to ....

Ronald Cramer, Rosario Gennaro, and Berry Schoenmakers. A Secure and Optimally Efficient Multi-Authority Election Scheme. In Walter Fumy, editor, Advances in Cryptology --- EUROCRYPT '97, volume 1233 of Lecture Notes in Computer Science, pages 103--118, Konstanz, Germany, 11--15 May 1997. Springer-Verlag.

....for checking the proofs. Therefore, it is of great importance to address the scalability problem if we want to deploy this system. Moreover the scenario is adapted to numerous practical situations where local results represent also valuable information. 1. 2 Related Work Election schemes [1, 2, 31, 9, 10, 33] were first described by Benaloh [1] All these voting schemes primarily discuss only yes no vote. Two election models have been proposed so far. # ACM 2001. In Benaloh schemes, a voter shares his vote between n authorities so that (t 1) out of them can recover it. Next, each authority ....

....so far. # ACM 2001. In Benaloh schemes, a voter shares his vote between n authorities so that (t 1) out of them can recover it. Next, each authority computes its encrypted share of the tally and finally at least t 1 authorities should collaborate to actually compute the tally. Cramer et al. [10] use another model in which all voters send their encrypted votes to a single combiner. Using the homomorphic property of the cryptosystem, this entity computes the encrypted tally in a publicly verifiable way. Then, the combiner forwards it to the authorities and (t 1) out of them should ....

[Article contains additional citation context not shown here]

R. Cramer, R. Gennaro, and B. Schoenmakers. A Secure and Optimally Efficient Multi-Authority Election Scheme. In Eurocrypt '97, LNCS 1233, pages 113--118. Springer-Verlag, 1997.

....for our protocol is O(mn log n) In section 4.2 we expand the constants in the method to show that is practical if both n and m are at the low to middle part of their ranges. Users computers perform all the computation in the method. It would be simpler to do this using a set of servers as in [5], but this would not achieve our goal of a community based system. Our peer to peer version includes additional verification steps that [5] does not (their protocol is publicly verifiable but verification is not included in it) We assume that a fraction # 1 2 of the users machines are ....

....low to middle part of their ranges. Users computers perform all the computation in the method. It would be simpler to do this using a set of servers as in [5] but this would not achieve our goal of a community based system. Our peer to peer version includes additional verification steps that [5] does not (their protocol is publicly verifiable but verification is not included in it) We assume that a fraction # 1 2 of the users machines are uncorrupted. Our protocol proceeds in rounds, and we model corruption as a static adversary on each round [1, 12] That is, the adversary can ....

[Article contains additional citation context not shown here]

R. Cramer, R. Gennaro, and B. Schoenmakers. A secure and optimally efficient multi-authority election scheme. European Transactions on Telecommunications, 8(5):481--490, 1997.

....not to cast a vote, nobody is able to cast a fraudulent vote in place of the voter. 1 Introduction Secure electronic voting requires the exchange of untraceable yet authentic messages. Broadly two different approaches have been proposed: i) approaches that require complex encryption schemes [1, 6, 7, 10], and ( ii) approaches that require an anonymous channel [2, 5, 8, 9, 11, 12, 13, 14] that is used to cast the ballot as an untraceable message. The protocol we propose does not require any complex cryptographic schemes. Our protocol is similar to the ones in [8, 9] but does not need an anonymous ....

R. Cramer, R. Gennaro, and B. Schoenmakers. A Secure and Optimally Efficient Multi-Authority Election Scheme. In Advances in Cryptology -- EUROCRYPT '97, volume 1233 of Lecture Notes in Computer Science, pages 103--118. Springer-Verlag, Berlin, 1997.

....Internet. Secure electronic voting requires the exchange of untraceable yet authentic messages. Over the past few years quite an amount of work has been done in this area. Broadly two different approaches have been proposed: 1. approaches that rely on complex encryption schemes to cast a ballot [1, 7, 8, 9, 11, 14] (Note: all security protocols use some form of encryption technology; these protocols make use of complex technology that are not widely prevelant. 2. approaches that rely on the existence of an anonymous channel [2, 6, 10, 12, 15, 17, 18, 19] that is used to cast the ballot as an untraceable ....

....vote casting. To our knowledge no other voting protocol can make such a claim. 2 Related Work A number of electronic voting protocols have been proposed over the last few years. These can be broadly divided into two types: 1. approaches that rely on complex encryption schemes to cast a ballot [1, 7, 8, 9, 11, 14]. Note all security protocols use some form of encryption technology; these particular protocols use complex technologies that are not widely prevelant for example zero knowledge protocols and threshold cryptosystems. 2. approaches that rely on the existence of an anonymous channel [2, 6, 10, ....

[Article contains additional citation context not shown here]

R. Cramer, R. Gennaro, and B. Schoenmakers. A Secure and Optimally Efficient Multi-Authority Election Scheme. In Advances in Cryptology -- EUROCRYPT '97, volume 1233 of Lecture Notes in Computer Science, pages 103--118. Springer-Verlag, Berlin, 1997.

....are connected by pairwise secure channels. After these fundamental results were published in the late eighties, multi party computation has seen a revival in the late nineties. Some results are mentioned briefly. Efficient protocols for concrete problems were developed, for instance for voting [24, 43], shared RSA key generation [12] and threshold public key cryptosystems and signature schemes (e.g. see [83] and the 12 references therein) Threshold adversaries were generalized to general adversary structures [41] and the efficiency of protocols that work for any function were improved from ....

R. Cramer, R. Gennaro, and B. Schoenmakers, A secure and optimally efficient multi-authority election scheme, European Transactions on Telecommunications, vol. 8, pp. 481--489, Sept. 1997.

....In these schemes, voters get a receipt that will help them check the final tally. Note that this useful property, also known as atomic verifiability, is not met in current physical based elections. An even more desirable property for electronic elections is universal verifiability (e.g. see [8]) which not only permits the voter to verify that the vote has been counted correctly, but also gives voters the means to verify that the election tally actually represents the sum of the votes cast. Current research is focused on receipt free schemes that also establish universal ....

....of tampering with the blackbox. In Section 4 we present an implementation with a tamper resistant smartcard, where receipt freeness is achieved by distributing the voting procedure between the voter and the smartcard. This implementation is based on the voting scheme of Cramer Gennaro Schoenmakers [8], and is suitable for PCs and the Internet. Section 5 concludes the paper. 2. REQUIREMENTS FOR RECEIPT FREENESS Below we define the minimal requirements for an election scheme to be receiptfree without any assumptions on the untappability of the communication channels between the voter and the ....

[Article contains additional citation context not shown here]

Cramer R, Gennaro R, Schoenmakers B. A secure and optimally efficient multi-authority election scheme. Proceedings of EUROCRYPT '97, LNCS; Springer-Verlag, 1997; 1233:103-118.

....privacy is sometimes required [8] while we only require computational privacy. Receipt freeness [2] and preventing vote duplication can be achieved by other means (see, for example, 17] and are not considered here. Many voting schemes meeting the above requirements have been proposed [6, 3, 4, 8, 9, 23, 10]. However, all previously known schemes achieving universal verifiability rely on fully homomorphic encryption schemes, where the homomorphism is over additive group Z n and n is larger than the number of voters (our use of the term fully homomorphic is explained above) One typical paradigm is ....

....proof that decryption was done correctly. In this way, everyone is assured that all votes were correctly counted. Many examples of fully homomorphic encryption schemes are known (for example: 12, 6, 21] The voting schemes of [6, 3, 4] are based on the r th residuosity assumption, those of [8, 9, 23] are based on the discrete logarithm assumption in prime groups, and the scheme of [10] is based on hardness of deciding residue classes in Z N 2 . Even so, it is interesting to determine the minimal assumptions under which an efficient voting protocol can be constructed. We show how privacy ....

[Article contains additional citation context not shown here]

R. Cramer, R. Gennaro, and B. Schoenmakers. A Secure and Optimally Efficient Multi-Authority Election Scheme. Eurocrypt 1997.

....changed to accommodate e voting into conventional voting process. I will call this political activity. Theoretical activity belongs to the field of cryptography and has lasted for at least twenty years. The most influentious papers in this field are (personal opinion) Cha81] Ben87] BT94] [CGS97]. Reader can find a partial overview of this topic in my semester work [Myr00] Basically, it can be said, that there exist solutions of acceptable security and complexity, although there is enough place for further advances. There exist some number of firms, which provide e voting solutions. The ....

....although there is enough place for further advances. There exist some number of firms, which provide e voting solutions. The most well known of them are probably [VoteHere.net] and [Election.com] The first of them provides (at least) some description of their technology and is based on [CGS97], which is a good cryptographical construction. On the other hand the second of them has received more media attention, but does not present any description of their technology at their web site (which is a disadvantage, to my opinion) A number of workshops have been conducted, which ....

[Article contains additional citation context not shown here]

R. Cramer, R. Gennaro, B. Schoenmakers. A Secure and Optimally Efficient Multi-Authority Election Scheme. European Transactions of Telecommunications, 8:481-489, 1997.

..... 31 3 Existing Election Schemes 33 3.1 Types of Election Schemes . 33 3.2 Comparing Election Schemes . 34 3.3 Schemes Based on Homomorphic Encryption . 34 3.3. 1 Scheme From [CGS97] . 34 3.3.2 Scheme From [Ben87] 36 3.3.3 Scheme From [BT94] 39 3.4 Schemes Based on Mix Nets . 39 3.4.1 Original Applications . ....

..... 42 4 Meta Considerations 45 4.1 Types of Communication Channels Needed . 45 4.2 Types of Trust Needed . 46 4.3 Proving the Value of Ballot in ZK . 47 5 Some New Ideas 48 5. 1 Altering [CGS97] for L Option Questions . 48 5.2 Altering [HS2000] for L Option Questions . 49 5.3 Some Practical Modifications of [HS2000] 50 Res umee (In Estonian) 52 Bibliography 53 2 Introduction The process of voting is a cornerstone ....

[Article contains additional citation context not shown here]

R. Cramer, R. Gennaro, B. Schoenmakers. A Secure and Optimally Efficient Multi-Authority Election Scheme. European Transactions of Telecommunications, 8:481-489, 1997.

....[13, 19, 26] are not fair and [5, 12, 19, 22, 29] are not practical for large scale elections. In all single authority voting schemes [10, 13, 16, 19, 26] voters can not abstain from voting after the registration phase. If they do it, the authority can add extra votes as he wishes. Cramer et al. [7] proposed a voting scheme based on homomorphic encryption and proofs of knowledge. which is suitable for large scale elections since the computation and communication overheads are small even if the number of voters is large. The essential drawback of this scheme is that if t authorities conspire, ....

R. Cramer, R. Gennaro and B. Schoenmakers, "A secure and optimally efficient multiauthority election scheme," Advances in Cryptology: Proc. of EuroCrypt'97, LNCS 1233, pp. 103--118, Springer-Verlag, 1997. 19

....a number of tallying authorities through a special type of broadcast channel. Rather than hiding the correspondence between the voter and his ballot, the value of the vote is hidden. Among 2 these latter type of schemes are [Ive91, SK94, BT94] More recent proposals are those of Cramer et al. [CFSY96, CGS97] and Schoenmakers [Sch99] For other related work on electronic voting schemes see [FOO92, OO89, NR94, HS00] 1.2 Our Contributions This work s first contribution is that it elicits the fact that all current proposals for electronic voting schemes disclose the final tally of the votes. As ....

....final tally is consistent with the correctly cast ballots. ffl No duplication: No one can duplicate anyone else s vote. ffl Receipt Freeness: No voter can prove to a third party that he she has cast a particular vote. In our scheme the voters send in a ballot identical to those proposed in [CGS97], i.e. an ElGamal ciphertext representing his her vote plus a proof that the ciphertext is indeed a valid ballot. Hence, as in [CGS97] both the computational and communicational complexity of the voter s protocol is linear in the security parameter k thus optimal. 1 Moreover, for any ....

[Article contains additional citation context not shown here]

R. Cramer, R. Gennaro, and B. Schoenmakers. A secure and optimally efficient multi-authority election scheme. In EuroCrypt'97, 103--118. Springer-Verlag. LNCS Vol. 1233.

....definitions of CCA security in [9] Following this work, we propose adequate definitions to assert the CPA security of threshold cryptosystems. Homomorphic cryptosystems have been used in electronic voting schemes with multiple authorities among which the decryption process is distributed [5]. The previously proposed schemes use a variant of the ElGamal encryption scheme : instead of encrypting m with (g k ; my k ) it computes (g k ; g m y k ) Unfortunately, such a scheme cannot be considered as a trapdoor discrete logarithm scheme because no trapdoor exists to determine m ....

....encryption schemes. We show how one can use this primitive to build a multiple voting scheme or a lottery scheme. Multiple election schemes. Threshold trapdoor discrete logarithm cryptosystems can be used to distribute an electronic election between multiple authorities, as proposed in [5]. With our threshold trapdoor discrete logarithm scheme, we can determine the tally directly from the trapdoor. Systems that require exhaustive search at a point of the decryption phase are not able to solve some situations. For example, if we want to make multiple election, we can use the ....

R. Cramer, R. Gennaro, and B. Schoenmakers. A Secure and Optimally Efficient Multi-Authority Election Scheme. In Eurocrypt '97, LNCS 1233, pages 113--118. Springer-Verlag, 1997.

....are corrupted. In a model where additionally physical broadcast channels are available, unconditional security is achievable if at most t n=2 players are corrupted [RB89, Bea91b, CDD 99] 1. 2 Efficiency Considerations In contrast to protocols for specific tasks like voting (e.g. CFSY96, CGS97] or auctioning (e.g. FR96] all previous protocols for general multi party computation are quite inefficient and impractical. First steps towards more efficient protocols were taken in [FY92] and in [GRR98] where first a private but Research supported by the Swiss National Science Foundation ....

Ronald Cramer, Rosario Gennaro, and Berry Schoenmakers. A secure and optimally efficient multi-authority election scheme. In Advances in Cryptology --- EUROCRYPT '97, Lecture Notes in Computer Science, 1997.

.... found in [13] Various criteria have been applied to the classification of these works, for example, existence of anonymous channels or public channels [10,16] single voter s vulnerability [13] ways of privacy protection [1,5] trust on authorities in the schemes [17] practicality or efficiency [2,6], cryptographic features used [15] etc. We are interested in practical schemes with sound potential for practical implementation. One such pragmatic scheme is the Fujioka Okamoto Ohta (FOO) protocol [10] That has been implemented in several variations [7,8,12] We adopt this protocol as the ....

R. J. F. Cramer, R. Gennaro, and B. Schoenmakers. A secure and optimally efficient multi-authority election scheme. In the Proceedings of Advances in Cryptology - Eurocrypt '97, pages 103--118. Springer-Verlag, 1997.

....his improvement publicly verifiable secret sharing, or PVSS) we observe a more economic use of the proof primitive. In our usage, the public key used for publicly verifiable encryption and verification will be that of a robust threshold ElGamal cryptosystem (such a cryptosystem is described in [3]) in which the matching private key is shared in threshold among a set of shareholders such that the private key has never been and will never be constructed even in the time of decryption. It is conceivable that a combination of the Stadler s proof primitive and the robust threshold ElGamal ....

....key y has the form of g x mod p where the private key x is shared among the shareholders in threshold. The shared private key x has never been and will never be constructed. A knowledgeproof based technique will allow the shareholders to decrypt a message without constructing x. Section 2. 3 of [3] provides a succinct description in setting up such a cryptosystem and in decryption. A message m encrypted under the public key y in ElGamal [4] is written as a pair (in the rest of the paper apparently omitted modulo operations will be in mod p) A; B) g k ; y k m) modp) 1) The ....

[Article contains additional citation context not shown here]

R. Cramer, R. Gennaro and B. Schoenmakers. A secure and optimally efficient multi-authority election scheme. In Advances in Cryptology --- Proceedings of EUROCRYPT'97 (LNCS 1233), pages 103--118. Springer-Verlag, 1997.

....on PVSS. It turns out that the PVSS scheme exactly matches the discrete log setting and assumptions required for the remainder of the election scheme. The resulting scheme combines several of the advantages of previous election schemes, and fits conceptually between the schemes of [CFSY96] and [CGS97]. It achieves the same set of security properties as these schemes. 3 Finally, Section 6 contains several more applications of our PVSS schemes, including a generalization of Binding ElGamal [VT97] and other constructions related to software key escrow, such as [YY98] We show how threshold ....

....will produce G p j (0) s j , due to the homomorphic property. Combining with Q m j=1 U j = G s j v j , we obtain G v j , from which the tally T = v j , 0 T m, can be computed efficiently. 11 Conceptually, the above election scheme fits between the schemes of [CFSY96] and [CGS97]. It achieves the same level of security with regard to universal verifiability, privacy, and robustness. Voter independence can also be achieved in the same way as in those papers. The main difference with [CGS97] is that our scheme does not require a shared key generation protocol for a ....

[Article contains additional citation context not shown here]

R. Cramer, R. Gennaro, and B. Schoenmakers. A secure and optimally efficient multi-authority election scheme. In Advances in Cryptology--- pages 103--118, Berlin, 1997. Springer-Verlag.

....protocols, which rely on more advanced cryptographic techniques such as verifiable secret sharing and zero knowledge proofs of knowledge. In this paper we will consider a method based on homomorphic encryption, which yields a particularly efficient system. The details can be found in [9]. Discrete Log Problem For concreteness, we will consider the discrete log problem for a group G q obtained as a subgroup of order q of Z # p , where p is a 1024 bit prime and q is a 160 bit prime satisfying q p 1. Simply put, this July 2000 7 Figure 1: The Bulletin Board means that G q is ....

....all submitted ballots, # i (a i , b i ) g # i r i , h # i r i g # i v i ) is computed. The talliers jointly decrypt the product, which yields the sum of the votes, # i v i , as the desired tally. We have deliberately omitted some of the (harder) details, which can be found in [9]. Namely, in the voting stage, the voter must also provide a proof of validity that shows that the encrypted vote is indeed in 0, 1 (and not 4 or 123 for example) without revealing any information on the actual value of v. For this we use an efficient zero knowledge proof of knowledge. And, in ....

R. Cramer, R. Gennaro, and B. Schoenmakers. A secure and optimally efficient multi-authority election scheme. In Advances in Cryptology--- EUROCRYPT '97, volume 1233 of Lecture Notes in Computer Science, pages 103--118, Berlin, 1997. Springer-Verlag.

....with a symmetric key that is shared among the proxies appeared first in [32] as a way to shorten the size of shares in computationally secure secret sharing schemes. The specific idea of using threshold cryptosystems to bootstrap secret sharings (exclusively for efficiency reasons) appeared in [9, 22]. The idea of encrypting a signature and then proving in ZK that the ciphertext contains a valid signature has appeared in several places. In [10] it was proposed as a general paradigm to construct undeniable signatures but the specific efficient solutions work only for ElGamal like signatures. ....

R. Cramer, R. Gennaro and B. Schoenmakers. A Secure and Optimally Efficient MultiAuthority Election Scheme. European Transactions of Telecommunications, Vol.8, No.5, pp.481--490, September 1997.

....of corresponding decryption shares oe 1 ; oe n is produced. The scheme is robust 5 if the recovery algorithm recovers the plaintext m (at least with overwhelming probability) even if at most k Gamma 1 of the decryption shares are incorrect. Robust threshold cryptosystems are presented in [8, 19] and we follow their general approach in order to make our schemes robust. To define security against chosen ciphertext attack, we consider the following game played against an adversary. Game A A1 The adversary chooses to corrupt a fixed set of k Gamma 1 servers. A2 The key generation ....

R. Cramer, R. Gennaro and B. Schoenmakers. A Secure and Optimally Efficient MultiAuthorithy Election Scheme. In Advances in Cryptology--Eurocrypt '97, pages 103--118, 1997.

....a long time. Indeed, the first DKG scheme was proposed by Pedersen in [Ped91a] It then appeared, with various modifications, in several papers on threshold cryptography, e.g. CMI93, Har94, LHL94, GJKR96, HJJ 97, PK96, SG98] and distributed cryptographic applications that rely on it, e.g. CGS97] Moreover, a secure DKG protocol is an important building block in other distributed protocols for tasks different than the generation of keys. One example is the generation of the randomizers in discrete log based signature schemes (for example the r value in a (r; s) DSS signature as in ....

R. Cramer, R. Gennaro, and B. Schoenmakers. A secure and optimally efficient multi-authority election scheme. In Advances in Cryptology --- Eurocrypt '97, pages 103--118. LNCS No. 1233.

....has to remain secure for a long period of time. In other applications it is beneficial to proactivize the capability to decrypt a message encrypted with a public key encryption system. Examples include electronic voting systems where voters encrypt their votes with the voting center s public key [10], and secure repositories where users keep sensitive data in a certified way. Implementations. We are aware of three implementation efforts of proactive security systems currently under way: by Sandia National Labs, IBM Research, and a DARPA project. We elaborate on these efforts in Section 3. 2 ....

R. Cramer, R. Gennaro, and B. Schoenmakers. A secure and optimally efficient multi-authority election scheme. In Walter Fumy, editor, Advances in Cryptology --- Eurocrypt '97, pages 103-- 118, 1997. Springer-Verlag. Lecture Notes in Computer Science No. 1233.

....with a symmetric key that is shared among the proxy appeared first in [32] as a way to shorten the size of shares in computationally secure secret sharing schemes. The specific idea of using threshold cryptosystems to bootstrap secret sharings appeared (exclusively for efficiency reasons) in [9, 22]. The idea of encrypting a signature and then proving in ZK that the ciphertext contains a valid signature has appeared in several places. In [10] it was proposed as a general paradigm to construct undeniable signatures but the specific efficient solutions work only for ElGamal like signatures. In ....

R. Cramer, R. Gennaro and B. Schoenmakers. A Secure and Optimally Efficient MultiAuthority Election Scheme. European Transactions of Telecommunications, Vol.8, No.5, September 1997.

No context found.

Ronald Cramer, Rosario Gennaro, and Berry Schoenmakers. A Secure and Optimally Efficient Multi-Authority Election Scheme. In Walter Fumy, editor, Advances in Cryptology --- EUROCRYPT '97, volume 1233 of Lecture Notes in Computer Science, pages 103--118, Konstanz, Germany, 11--15 May 1997. Springer-Verlag.

No context found.

Ronald Cramer, Rosario Gennaro, and Berry Schoenmakers. A secure and optimally efficient multi-authority election scheme. Lecture Notes in Computer Science, 1233:103+, 1997.

No context found.

Cramer, R. et al, 1997. A Secure and Optimally Efficient Multi-Authority Election Scheme. Proceedings of Advances in Cryptology -- EUROCRYPT '97. pp. 103-118.

No context found.

R. Cramer, R. Gennaro, and B. Schoenmakers. A secure and optimally efficient multi-authority election scheme. In Theory and Application of Cryptographic Techniques, pages 103--118, 1997.

No context found.

R. Cramer, R. Gennaro, B. Schoenmakers. A secure and optimally efficient multi-authority election scheme. Advances in Cryptology - EUROCRYPT '97, Lecture Notes in Computer Science, Springer-Verlag, 1997.

No context found.

Cramer, R., R. Gennaro, and B. Schoenmakers. (1997). "A Secure and Optimally Efficient Multi-Authority Election Scheme." In Advances in Cryptology---EUROCRYPT '97, Lecture Notes in Computer Science, Vol. 1233. Berlin: Springer, pp. 103--118.

No context found.

Cramer, R., R. Gennaro and B. Schoenmakers. A secure and optimally efficient multi-authority election scheme. In Advances in Cryptology --- Proceedings of EUROCRYPT'97 (LNCS 1233), pages 103--118. Springer-Verlag, 1997.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC