Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Zero-knowledge proofs of identity
Journal of Cryptology
A new public key cryptosystem based on higher residues
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Paillier's cryptosystem revisited
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
A robust and verifiable cryptographically secure election scheme
SFCS '85 Proceedings of the 26th Annual Symposium on Foundations of Computer Science
Public-key cryptosystems based on composite degree residuosity classes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Hi-index | 0.00 |
In this paper, we revisit Paillier's trapdoor one-way function [15], focusing on the computational problem underlying its one-wayness. We formulate a new computational problem that we call one-more Paillier inversion problem. It is a natural extension of Paillier inversion problem to the setting where adversaries have access to an inversion oracle and a challenge oracle. We study the relation between the proposed problem and the one-more RSA inversion problem introduced by Bellare et al. in [2]; we prove that the one-more Paillier inversion problem is hard if and only if the one-more RSA inversion problem is hard. Then we propose a new identification scheme; we show the assumed hardness of the one-more Paillier inversion problem leads to a proof that the proposed identification scheme achieves security against concurrent impersonation attack. Compared with the known RSA-related identification schemes, the proposed identification scheme is only slightly inefficient than the best known GQ scheme, but is more efficient than Okamoto's.