How to generate cryptographically strong sequences of pseudo-random bits
SIAM Journal on Computing
A course in computational algebraic number theory
Algorithmic number theory
Paillier's cryptosystem revisited
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Fast RSA-Type Cryptosystems Using N-Adic Expansion
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
The Bit Security of Paillier's Encryption Scheme and Its Applications
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
New Semantically Secure Public-Key Cryptosystems from the RSA-Primitive
PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
The Two Faces of Lattices in Cryptology
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Public-key cryptosystems based on composite degree residuosity classes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
A Practical Public Key Cryptosystem from Paillier and Rabin Schemes
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Provably secure fail-stop signature schemes based on RSA
International Journal of Wireless and Mobile Computing
Two Generic Constructions of Probabilistic Cryptosystems and Their Applications
SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
One-wayness equivalent to general factoring
IEEE Transactions on Information Theory
New approach for selectively convertible undeniable signature schemes
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
INDOCRYPT'04 Proceedings of the 5th international conference on Cryptology in India
An efficient probabilistic public-key cryptosystem over quadratic fields quotients
Finite Fields and Their Applications
At ACM CCS '01, Catalano et al. proposed a mix of the RSA cryptosystem with the Paillier cryptosystem from Eurocrypt '99. The resulting scheme, which we call RSAP, is a probabilistic cryptosystem which is both semantically secure under an appropriate decisional assumption and as efficient as RSA, but without the homomorphic property of the Paillier scheme. Interestingly, Sakurai and Takagi presented at PKC '02 a proof that the one-wayness of RSAP was equivalent to the RSA assumption. However, we notice in this paper that the above proof is not completely correct (it works only in the case when a perfect oracle - i.e. an oracle that always provides correct answers - is given). We fix the proof by presenting a new proof based on low-dimensional lattices. The new proof, inspired by the work of Sakurai and Takagi, is somewhat related to Hensel lifting and the N-adic decomposition of integer exponentiation. Roughly speaking, we consider the problem of computing $f(x) \bmod M^{\ell}$ given $f(x) \bmod M$ and an exponent $\ell > 1$. By studying the case $f(x) = x^e$ and M is an RSA-modulus, we deduce that the one-wayness of RSAP is indeed equivalent to the RSA assumption, and we are led to conjecture that the one-wayness of the original Paillier scheme may not be equivalent to the RSA assumption with exponent N. By analogy, we also study the discrete logarithm case, namely when $f(x) = g^x$ and M is a prime, and we show that the corresponding problem is curiously equivalent to the discrete logarithm problem in the subgroup spanned by g.