How to generate cryptographically strong sequences of pseudo-random bits
SIAM Journal on Computing
An efficient probabilistic public key encryption scheme which hides all partial information
Proceedings of CRYPTO 84 on Advances in cryptology
RSA and Rabin functions: certain parts are as hard as the whole
SIAM Journal on Computing - Special issue on cryptography
A hard-core predicate for all one-way functions
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Computerized patient information system in a psychiatric unit: five-year experience
Journal of Medical Systems
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
An Efficient Discrete Log Pseudo Random Generator
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
Verifiable secret-ballot elections
Verifiable secret-ballot elections
Theory and application of trapdoor functions
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Public-key cryptosystems based on composite degree residuosity classes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
On the Security of a Modified Paillier Public-Key Primitive
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
The Hardness of Hensel Lifting: The Case of RSA and Discrete Logarithm
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
New Semantically Secure Public-Key Cryptosystems from the RSA-Primitive
PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
Efficient Two-Party Secure Computation on Committed Inputs
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Encrypted domain DCT based on homomorphic cryptosystems
EURASIP Journal on Information Security - Special issue on enhancing privacy protection in multimedia systems
Homomorphic cryptosystems based on subgroup membership problems
Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
| Hi-index | 0.00 |
At EuroCrypt'99, Paillier proposed a new encryption scheme based on higher residuosity classes. The new scheme was proven to be one-way under the assumption that computing N-residuosity classes in ZN2* is hard. Similarly the scheme can be proven to be semantically secure under a much stronger decisional assumption: given w ∈ ZN2 it is hard to decide if w is an N-residue or not. In this paper we examine the bit security of Paillier's scheme. We prove that, if computing residuosity classes is hard, then given a random w it is impossible to predict the least significant bit of its class significantly better than at random. This immediately yields a way to obtain semantic security without relying on the decisional assumption (at the cost of several invocations of Paillier's original function). In order to improve efficiency we then turn to the problem of simultaneous security of many bits. We prove that Paillier's scheme hides n - b (up to O(n)) bits if one assumes that computing the class c of a random w remains hard even when we are told that c b. We thoroughly examine the security of this stronger version of the intractability of the class problem. An important theoretical implication of our result is the construction of the first trapdoor function that hides super-logarithmically (up to O(n)) many bits. We generalize our techniques to provide sufficient conditions for a trapdoor function to have this property.