In 1994, Josh Benaloh proposed a probabilistic homomorphic encryption scheme,
enhancing the poor expansion factor provided by Goldwasser and Micali's scheme.
Since then, numerous papers have taken advantage of Benaloh's homomorphic
encryption function, including voting schemes, non-interactive verifiable
secret sharing, online poker... In this paper we show that the original
description of the scheme is incorrect, possibly resulting in ambiguous
decryption of ciphertexts. We give a corrected description of the scheme,
provide a complete proof of correctness and an analysis of the probability of
failure in the initial description.