One-more extension of paillier inversion problem and concurrent secure identification

Authors:
Yan Song
Affiliations:
State Key Lab. of Computer Science, Institute of Software and Graduate University of Chinese Academy of Sciences, Beijing, China
Venue:
EuroPKI'07 Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice
Year:
2007

Citing 10
Cited 0

A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory

Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Zero-knowledge proofs of identity

Journal of Cryptology
A new public key cryptosystem based on higher residues

CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Paillier's cryptosystem revisited

CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
GQ and Schnorr Identification Schemes: Proofs of Security against Impersonation under Active and Concurrent Attacks

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes

CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols

CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System

PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
A robust and verifiable cryptographically secure election scheme

SFCS '85 Proceedings of the 26th Annual Symposium on Foundations of Computer Science
Public-key cryptosystems based on composite degree residuosity classes

EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we revisit Paillier's trapdoor one-way function [15], focusing on the computational problem underlying its one-wayness. We formulate a new computational problem that we call one-more Paillier inversion problem. It is a natural extension of Paillier inversion problem to the setting where adversaries have access to an inversion oracle and a challenge oracle. We study the relation between the proposed problem and the one-more RSA inversion problem introduced by Bellare et al. in [2]; we prove that the one-more Paillier inversion problem is hard if and only if the one-more RSA inversion problem is hard. Then we propose a new identification scheme; we show the assumed hardness of the one-more Paillier inversion problem leads to a proof that the proposed identification scheme achieves security against concurrent impersonation attack. Compared with the known RSA-related identification schemes, the proposed identification scheme is only slightly inefficient than the best known GQ scheme, but is more efficient than Okamoto's.