Paillier's cryptosystem modulo $p^2q$ and its applications to trapdoor commitment schemes

Katja Schmidt-Samoa, Tsuyoshi Takagi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

13 Citations (Scopus)

Abstract

In 1998/99, T. Okamoto and S. Uchiyama on the one hand and P. Paillier on the other hand introduced homomorphic encryption schemes semantically secure against passive adversaries (IND-CPA). Both schemes follow in the footsteps of Goldwasser-Micali, Benaloh-Fischer and Naccache-Stern cryptosystems, and yield their improvements above the latter by changing the group structure. Paillier's scheme works in the group $\mathbb{Z}_{n^2}^{\times}$ where $n$ is an RSA modulus, whilst Okamoto-Uchiyama is located in the group $\mathbb{Z}_n^{\times}$ for $n$ of $p^2q$ type. The new schemes attracted much attention because of their rich mathematical structure. It is notable that Okamoto-Uchiyama is one-way under the $p^2q$ factoring assumption, whilst there is no reduction known from the one-wayness of Paillier's scheme to a standard computational assumption. In this paper we point out that the combination of both techniques yields a new scheme that inherits all the nice properties of Paillier's scheme and that is one-way under the $p^2q$ factoring assumption. The one-wayness is based on a new trapdoor one-way function which might be of independent interest. In addition, we show how to construct trapdoor commitment schemes with practical applications based on our new scheme and on the trapdoor function. Among other things, we propose a trapdoor commitment scheme that perfectly meets the requirements to construct Shamir-Tauman on-line/off-line signatures.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 296-313
Number of pages: 18
DOIs: https://doi.org/10.1007/11554868_21
Publication status: Published - Dec 1 2005
Event: 1st International Conference on Cryptology in Malaysia on Progress in Cryptology - Mycrypt 2005 - Kuala Lumpur, Malaysia
Duration: Sep 28 2005 to Sep 30 2005

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 3715 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 1st International Conference on Cryptology in Malaysia on Progress in Cryptology - Mycrypt 2005
Country: Malaysia
City: Kuala Lumpur
Period: 9/28/05 to 9/30/05

Fingerprint

Cryptosystem
Cryptography
Modulo
Factoring
Commitment
Homomorphic Encryption
One-way Function
Thing
Modulus
Signature
Line
Requirements

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Schmidt-Samoa, K., & Takagi, T. (2005). Paillier's cryptosystem modulo $p^2q$ and its applications to trapdoor commitment schemes. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 296-313). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3715 LNCS). https://doi.org/10.1007/11554868_21

@inproceedings{e8668f52afa2476483818c751ee009ce,
title = "Paillier's cryptosystem modulo $p^2q$ and its applications to trapdoor commitment schemes",
author = "Katja Schmidt-Samoa and Tsuyoshi Takagi",
year = "2005",
month = "12",
day = "1",
doi = "10.1007/11554868_21",
language = "English",
isbn = "3540289380",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "296--313",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

TY - GEN

T1 - Paillier's cryptosystem modulo $p^2q$ and its applications to trapdoor commitment schemes

AU - Schmidt-Samoa, Katja

AU - Takagi, Tsuyoshi

PY - 2005/12/1

Y1 - 2005/12/1

UR - http://www.scopus.com/inward/record.url?scp=33646201706&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33646201706&partnerID=8YFLogxK

U2 - 10.1007/11554868_21

DO - 10.1007/11554868_21

M3 - Conference contribution

AN - SCOPUS:33646201706

SN - 3540289380

SN - 9783540289388

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 296

EP - 313

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ER -