Since at most m providers are malicious and there are m + 1 or more decryption providers, there must exist at least one honest decryption provider in the decryption chain (which is the worse-case scenario).
Adversaries are in front of honest decryption providers in the decryption chain.
Oblivious transfer protocols are symmetric primitives that offer functionality similar to blind decryption. For oblivious transfer, there are two participants: a sender and a receiver.
General multiparty computation protocols can be also applied to implement blind decryption capabilities.
Compared to those existing constructions, the proposed scheme adopts the Lagrange interpolation polynomial to hide the receivers' identities, which result in a more efficient decryption algorithm.
The PKG doesn't participate in the encryption and decryption, i.e.
Decryption. Once the mixture signals x(t) = [[[x.sub.1](t), [x.sub.2](t), ..., [x.sub.p](t)].sup.T] are received, the key signals I are regenerated by the secret seed [I.sub.0] and the key signals II are produced by the chaotic system using the initial conditions.
The Approximate Calculation for Decryption. Multiply [k.sup.T] (t) at both sides of (3), and we get equation:
ModOnions addressed the replay attacks, but it turned out that they are susceptible to the detour attack , where a ModOnion is redirected to go back to the attacker after each routing step, and a mix is used as a decryption oracle.
Our first attack uses the fact that a form of oracle decryption is still possible even in the modified scheme.
The algorithm can be implemented using a probabilistic public-key cryptosystem that supports the homomorphic encryption and threshold decryption
, for example the adapted Paillier cryptosystem introduced in .
These tables provide information from various contributors on the encryption speed (Tables 16-21), decryption
speed (Tables 22-25), and key setup time (Tables 26-30).