On the security of a modified Paillier public-key primitive

Kouichi Sakurai, Tsuyoshi Takagi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Choi et al. proposed the modified Paillier cryptosystem (M-Paillier cryptosystem). They use a special public-key $g \in \mathbb{Z}/n\mathbb{Z}$ such that $g^{\varphi(n)} = 1 + n \bmod n^2$, where n is the RSA modulus. The distribution of the public key g is different from that of the original one. In this paper, we study the security of the usage of the public key. Firstly, we prove that the one-wayness of the M-Paillier cryptosystem is as intractable as factoring the modulus n, if the public key g can be generated only by the public modulus n. Secondly, we prove that the oracle that can generate the public-key factors the modulus n. Thus the public keys cannot be generated without knowing the factoring of n. The Paillier cryptosystem can use the public key g = 1+n, which is generated only from the public modulus n. Thirdly, we propose a chosen ciphertext attack against the M-Paillier cryptosystem. Our attack can factor the modulus n by only one query to the decryption oracle. This type of total breaking attack has not been reported for the original Paillier cryptosystem. Finally, we discuss the relationship between the M-Paillier cryptosystem and the Okamoto-Uchiyama scheme.

Original language: English
Title of host publication: Information Security and Privacy - 7th Australasian Conference, ACISP 2002, Proceedings
Publisher: Springer Verlag
Pages: 436-448
Number of pages: 13
Volume: 2384
ISBN (Print): 3540438610, 9783540438618
Publication status: Published - 2002
Event: 7th Australasian Conference on Information Security and Privacy, ACISP 2002 - Melbourne, Australia
Duration: Jul 3 2002 to Jul 5 2002

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 2384
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: 7th Australasian Conference on Information Security and Privacy, ACISP 2002
Country: Australia
City: Melbourne
Period: 7/3/02 to 7/5/02

Fingerprint

Public key
Cryptosystem
Cryptography
Modulus
Factoring
Attack
Query

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Sakurai, K., & Takagi, T. (2002). On the security of a modified Paillier public-key primitive. In Information Security and Privacy - 7th Australasian Conference, ACISP 2002, Proceedings (Vol. 2384, pp. 436-448). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2384). Springer Verlag.

@inproceedings{5404c478f1f243b08fc29a2a0f2fb6f7,
title = "On the security of a modified {P}aillier public-key primitive",
abstract = "Choi et al. proposed the modified Paillier cryptosystem (M-Paillier cryptosystem). They use a special public-key $g \in \mathbb{Z}/n\mathbb{Z}$ such that $g^{\varphi(n)} = 1 + n \bmod n^2$, where n is the RSA modulus. The distribution of the public key g is different from that of the original one. In this paper, we study the security of the usage of the public key. Firstly, we prove that the one-wayness of the M-Paillier cryptosystem is as intractable as factoring the modulus n, if the public key g can be generated only by the public modulus n. Secondly, we prove that the oracle that can generate the public-key factors the modulus n. Thus the public keys cannot be generated without knowing the factoring of n. The Paillier cryptosystem can use the public key g = 1+n, which is generated only from the public modulus n. Thirdly, we propose a chosen ciphertext attack against the M-Paillier cryptosystem. Our attack can factor the modulus n by only one query to the decryption oracle. This type of total breaking attack has not been reported for the original Paillier cryptosystem. Finally, we discuss the relationship between the M-Paillier cryptosystem and the Okamoto-Uchiyama scheme.",
author = "Kouichi Sakurai and Tsuyoshi Takagi",
year = "2002",
language = "English",
isbn = "3540438610",
volume = "2384",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "436--448",
booktitle = "Information Security and Privacy - 7th Australasian Conference, ACISP 2002, Proceedings",
address = "Germany",

}

TY - GEN

T1 - On the security of a modified Paillier public-key primitive

AU - Sakurai, Kouichi

AU - Takagi, Tsuyoshi

PY - 2002

Y1 - 2002

UR - http://www.scopus.com/inward/record.url?scp=55749113270&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=55749113270&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:55749113270

SN - 3540438610

SN - 9783540438618

VL - 2384

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 436

EP - 448

BT - Information Security and Privacy - 7th Australasian Conference, ACISP 2002, Proceedings

PB - Springer Verlag

ER -