Paillier's cryptosystem revisited
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Efficient, Perfect Random Number Generators
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Fast RSA-Type Cryptosystems Using N-Adic Expansion
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
The Bit Security of Paillier's Encryption Scheme and Its Applications
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Low-exponent RSA with related messages
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Finding a small root of a univariate modular equation
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Public-key cryptosystems based on composite degree residuosity classes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
New public key cryptosystems based on the dependent-RSA problems
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
On the Security of a Modified Paillier Public-Key Primitive
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
The Hardness of Hensel Lifting: The Case of RSA and Discrete Logarithm
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A Practical Public Key Cryptosystemfrom Paillier and Rabin Schemes
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
One-wayness equivalent to general factoring
IEEE Transactions on Information Theory
| Hi-index | 0.06 |
We analyze the security of the simplified Paillier (S-Paillier) cryptosystem, which was proposed by Catalano et al. We prove that the one-wayness of the S-Paillier scheme is as intractable as the standard RSA problem. We also prove that an adversary, which breaks the semantic security, can compute the least significant bits of the nonce. This observation is interesting, because the least significant bit of the nonce is the hard core bit of the encryption function. Moreover, we proposed a novel semantically secure cryptosystem, based on the one-way function fMSBZ(l)e, n(r) = (r-MSBl(r))e mod n, where (e, n) is the RSA public-key and r -MSBl(r) means that the l most significant bits of r are zeroed. We proved that the one-wayness of the proposed scheme is as intractable as the standard RSA problem. An adversary, which breaks the semantic security of the proposed scheme, can break the least significant bits of the nonce. These security results of the proposed scheme are similar to those of the S-Paillier cryptosystem. However, the proposed scheme is more efficient than the S-Paillier cryptosystem.