### Abstract

Choi et al. proposed the modified Paillier cryptosystem (M-Paillier cryptosystem). They use a special public-key g ∈ ℤ/nℤ such that g^{ϕ(n)} = 1+n mod n^{2}, where n is the RSA modulus. The distribution of the public key g is different from that of the original one. In this paper, we study the security of the usage of the public key. Firstly, we prove that the one-wayness of the M-Paillier cryptosystem is as intractable as factoring the modulus n, if the public key g can be generated only by the public modulus n. Secondly, we prove that the oracle that can generate the public-key factors the modulus n. Thus the public keys cannot be generated without knowing the factoring of n. The Paillier cryptosystem can use the public key g = 1+n, which is generated only from the public modulus n. Thirdly, we propose a chosen ciphertext attack against the M-Paillier cryptosystem. Our attack can factor the modulus n by only one query to the decryption oracle. This type of total breaking attack has not been reported for the original Paillier cryptosystem. Finally, we discuss the relationship between the M-Paillier cryptosystem and the Okamoto-Uchiyama scheme.

| Original language | English |
|---|---|
| Title of host publication | Information Security and Privacy - 7th Australasian Conference, ACISP 2002, Proceedings |
| Publisher | Springer Verlag |
| Pages | 436-448 |
| Number of pages | 13 |
| Volume | 2384 |
| ISBN (Print) | 3540438610, 9783540438618 |
| Publication status | Published - 2002 |
| Event | 7th Australasian Conference on Information Security and Privacy, ACISP 2002 - Melbourne, Australia; Duration: Jul 3 2002 → Jul 5 2002 |

### Publication series

| Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
|---|---|
| Volume | 2384 |
| ISSN (Print) | 03029743 |
| ISSN (Electronic) | 16113349 |

### Other

| Other | 7th Australasian Conference on Information Security and Privacy, ACISP 2002 |
|---|---|
| Country | Australia |
| City | Melbourne |
| Period | 7/3/02 → 7/5/02 |

### All Science Journal Classification (ASJC) codes

- Computer Science(all)
- Theoretical Computer Science

### Cite this

*Information Security and Privacy - 7th Australasian Conference, ACISP 2002, Proceedings* (Vol. 2384, pp. 436-448). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2384). Springer Verlag.

**On the security of a modified paillier public-key primitive.** / Sakurai, Kouichi; Takagi, Tsuyoshi.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

*Information Security and Privacy - 7th Australasian Conference, ACISP 2002, Proceedings.* vol. 2384, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2384, Springer Verlag, pp. 436-448, 7th Australasian Conference on Information Security and Privacy, ACISP 2002, Melbourne, Australia, 7/3/02.

TY - GEN

T1 - On the security of a modified paillier public-key primitive

AU - Sakurai, Kouichi

AU - Takagi, Tsuyoshi

PY - 2002

Y1 - 2002

UR - http://www.scopus.com/inward/record.url?scp=55749113270&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=55749113270&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:55749113270

SN - 3540438610

SN - 9783540438618

VL - 2384

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 436

EP - 448

BT - Information Security and Privacy - 7th Australasian Conference, ACISP 2002, Proceedings

PB - Springer Verlag

ER -