UNIVERSITY OF COLORADO – COLORADO SPRINGS
Department of Computer Science
Brett Wilson – M.S. Candidate
PaillierThreshold
Cryptography
WebService
UNIVERSITY OF COLORADO – COLORADO SPRINGS
Paillier Threshold Cryptography
Web Service User’s Manual
Brett Wilson
M.S. Candidate – Fall 2006
Advisor: Dr. C. Edward Chow
Table of Contents
Table of Contents i
Introduction
1
Installation
1
Installation steps
2
Submitting a Parameter Request 3
Format of Returned Parameters 4
Additional Information 7
i
Introduction
The introduction provides an overview of the Paillier Threshold Cryptography
Web Service and it’s potential uses.
T
he term threshold cryptography is used to describe the application of a cryptographic
system in which the ability to perform a particular encryption or decryption task is shared
between more than one entity such that only by the cooperation of a specified subset of
these entities can the task be performed. For example, in order to distribute the ability to
decrypt enformation in a public key cryptosystem, the secret key can be distributed amongst 5
different authorities in such a way that only through active cooperation of 3 or more of these
authorities can an item encrypted with the public key be decrypted. No information about the
encrypted item can be obtained if less than the required threshold of authorities (3, in this case)
cooperate. Each authority would decrypt the encrypted item using his/her/it’s key share, and
provide the partial decryption along with a proof that the decryption was done correctly. A
combiner would then verify the proofs and combine the valid decryption shares to produce the
final decrypted value (assuming at least threshold + 1 valid decryption shares).
Another possible application of such a system is for distributed digital signatures. In such a
system, the item to be signed would be hashed and then each key share holder would partially
encrypt the hash in order to personally sign it. Only by combining all of these “partial”
encryptions would someone be able to verify that the item was signed by all of the key holders.
This user’s guide provides instructions for the use of the Paillier Threshold Cryptography Web
Service (PTC WS). This web service provides for generation of the Paillier threshold
cryptography scheme outlined in [1]. The web service takes as input a request consisting of the
desired system parameters (i.e. key size, number of key shares, threshold) and returns the required
Paillier threshold cryptography system parameters (i.e. public key, secret key shares, verifier key
shares). The verifier key shares are used to generate/validate that the partial decryptions were
correctly performed. For more information regarding the underlying algorithms and
implementation details, see [2].
Installation
This section includes instructions for installing the web service software.
The PTC Web Service is implemented as a Microsoft .NET 2.0 web service. It requires
Microsoft Internet Information Server (IIS) or some other .NET 2.0 compatible web server. It
has only been tested with IIS and .NET 2.0.
1
Installation steps
These instructions specify how to unzip the source code files and create a virtual directory in IIS
such that the web service will run in the default web site.
1. Ensure IIS 5.0 or higher www services are installed on target machine by opening Control
Panel->Add or Remove Programs->Add or Remove Windows Components, and then verifying that
Internet Information Services are installed. Also check the details… button to ensure
that World Wide Web Service is also checked.
2. Ensure that .NET 2.0 is installed by checking that the directory %system
root%\Microsoft.NET\Framework\ v2.0.50727 is present and populated with many
files.
3. Unzip the PTC WS source distribution to c:\Inetpub\wwwroot or some other location
accessible to the .NET service account.
4. Open Control Panel->Administrative Tools->Internet Information Services. Expand the local
computer tree, the web sites folder, and then right-click on Default Web Site. Select
New->Virtual Directory from the context menu that appears. The virtual directory
creation wizard will appear.
Name the virtual directory (the alias)
ThresholdCryptoService or some other descriptive name. The alias defines the URL
which
will
be
used
to
access
the
service
(i.e.
http://localhost/alias/ThresholdCryptoService.asmx). In the next step, browse to and
select the top-level folder of the PTC WS source (ThresholdCryptoService) wherever you
unzipped it in the step above. Leave the default security as it is and finish the wizard.
5. You should now be able to browse to the web service at the installation location (i.e.
http://localhost/ThresholdCryptoService/ThresholdCryptoService.asmx). A service description
document should be returned.
By clicking on the method name
“GenerateThresholdParameters”, you can view the data format of the input parameter
and the return parameter.
2
Submitting a Parameter
Request
To obtain a set of Paillier Threshold Cryptography parameters, you must construct a valid request
and submit it to the web service. By browsing to the webservice in a web browser (i.e.
http://localhost/ThresholdCryptoService/ThresholdCryptoService.asmx), you can review the proper
format of the request.
POST /ThresholdCryptoService/ThresholdCryptoService.asmx HTTP/1.1
Host: localhost
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction:
"Barleydog.ThresholdCryptography/GeneratePaillierThresholdParameters
"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GeneratePaillierThresholdParameters
xmlns="Barleydog.ThresholdCryptography">
<request>
<KeySize>int</KeySize>
<NumShares>int</NumShares>
<DecryptionThreshold>int</DecryptionThreshold>
<OwnerInfos>
<OwnerInfo>
<OwnerName>string</OwnerName>
<OwnerX509>base64Binary</OwnerX509>
</OwnerInfo>
<OwnerInfo>
<OwnerName>string</OwnerName>
<OwnerX509>base64Binary</OwnerX509>
</OwnerInfo>
</OwnerInfos>
</request>
</GeneratePaillierThresholdParameters>
</soap:Body>
</soap:Envelope>
Figure 1 – Paillier Threshold Cryptography Web Service Parameter Request structure
The request basically consists of the following 4 items:

KeySize – the size of the safe prime modulus returned as part of the public key (and used
to generate the secret parameters). Valid values are 128, 256, 512, 1024, and 2048 bits.
3
The keysize also specifies the largest-sized message that can be encrypted. Encrypting
any message longer than the keysize will result in an inability to decrypt the resulting
ciphertext.

NumShares – how many secret key shares are to be generated and returned. This
number must be greater than or equal to 1.

Decryption Threshold – The system decryption share threshold. It is important to note
that this number of decryption shares must be exceeded in order to decrypt (i.e. t+1 valid
decryption shares are required)

OwnerInfos – This is an “array” of OwnerInfo structures that specify a friendly name for
the key share owner and his/her associated X509 certificate. The format of the certificate
is the raw bytes. The public key in the certificate will be used to encrypt the owner’s
keyshare so that only he/she can recover it.
Figure 1
also shows the format of the enclosing SOAP message that is to be sent to the web
service.
Format of Returned
Parameters
Once a valid request is received, the web service will return the parameters in XML format as
shown both when browsing directly to the web service and in Figure 2 The parameters consist
of 6 main items:

Public Key – These are the public parameters of the Paillier Threshold Cryptography
system as specified in [1]. The three components are returned in raw byte format
encoded as base64binary.

Secret Key – This is currently always an empty element since returning the secret key
would invalidate the key shares. It is really just an artifact of the serialization of the
class used in generating the threshold parameters.

Verification Keys – This is an “array” of verification key structures that each consist
of the system verification key base and a verification key share. These parameters are
public parameters which must be used by the key share owners to generate the proofs
of correct decryption and by the combiner for verifying the proofs. The number of
verification keys will equal the number of key shares specified in the request.

Threshold Key Shares – This is an “array” of key share structures that each consist of
a PaillierThresholdKeyShare structure. Each PaillierThresholdKeyShare consists of
an OwnerInfo structure and a SecretKeyShare structure. The OwnerInfo is a
reflection of what was submitted in the request. The SecretKeyShare consists of 3
4
components: an integer element containing the share index (shareindex), a
base64binary element containing the raw bytes of the secret key share (secretshare),
and a boolean element (encrypted). The integer share index must be used in the
decryption algorithm in order to recover the key. The key share is the raw bytes of
the assigned secret key share. The Boolean flag indicates whether the key share is
encrypted or not. If an X509 certificate was supplied for the corresponding owner in
the request, the secret key share will be encrypted with the public key in the X509
certificate and this flag will be set. Otherwise, the key share will be unencrypted and
the flag will be true.

T – This is a reflection of the threshold parameter submitted in the request. It must
be used in the decryption algorithm. It is returned here so that this structure
completely specifies the parameters of the system.

Delta – This is a number containing !, where  is the number of key shares
returned. It is returned here so that each party does not have to recalculate it.
5
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GeneratePaillierThresholdParametersResponse
xmlns="Barleydog.ThresholdCryptography">
<GeneratePaillierThresholdParametersResult>
<PublicKey>
<N>base64Binary</N>
<G>base64Binary</G>
<Theta>base64Binary</Theta>
</PublicKey>
<SecretKey>base64Binary</SecretKey>
<VerificationKeys>
<PaillierThresholdVerificationKey>
<VerificationKeyBase>base64Binary</VerificationKeyBase>
<VerificationKey>base64Binary</VerificationKey>
</PaillierThresholdVerificationKey>
<PaillierThresholdVerificationKey>
<VerificationKeyBase>base64Binary</VerificationKeyBase>
<VerificationKey>base64Binary</VerificationKey>
</PaillierThresholdVerificationKey>
</VerificationKeys>
<ThresholdKeyShares>
<PaillierThresholdKeyShare>
<OwnerInfo xsi:nil="true" />
<SecretKeyShare xsi:nil="true" />
</PaillierThresholdKeyShare>
<PaillierThresholdKeyShare>
<OwnerInfo xsi:nil="true" />
<SecretKeyShare xsi:nil="true" />
</PaillierThresholdKeyShare>
</ThresholdKeyShares>
<T>int</T>
<Delta>double</Delta>
</GeneratePaillierThresholdParametersResult>
</GeneratePaillierThresholdParametersResponse>
</soap:Body>
</soap:Envelope>
Figure 2 – Paillier Threshold Cryptography Web Service Parameter Request structure
6
Additional Information
This web service was constructed as part of a Master’s project at the University of Colorado at
Colorado Springs [2]. Another part of that project was developing a demonstration e-voting
application that utilizes this web service to obtain the cryptography parameters for the system. A
user’s guide for the e-voting application can be found in the appendix of [2]. The source code for
the e-voting application can be obtained at www.placeholder.com, or by contacting Brett Wilson
(brett@barleydog.org) or Dr. C. Edward Chow (chow@eas.uccs.edu).
References
[1] P. Fouque, G. Poupard, J. Stern, Sharing Decryption in the Context of Voting or Lotteries,
Proceedings of Financial Crypto 2000.
[2] B. Wilson, C.Chow, Implementing a Paillier Threshold Cryptography Scheme as a Web Service,
University of Colorado at Colorado Springs Master’s Project 2006.
7