TY - GEN
T1 - Paillier's cryptosystem modulo p2q and its applications to trapdoor commitment schemes
AU - Schmidt-Samoa, Katja
AU - Takagi, Tsuyoshi
PY - 2005/12/1
Y1 - 2005/12/1
N2 - In 1998/99, T. Okamoto and S. Uchiyama on the one hand and P. Paillier on the other hand introduced homomorphic encryption schemes semantically secure against passive adversaries (IND-CPA). Both schemes follow in the footsteps of Goldwasser-Micali, Benaloh-Fischer and Naccache-Stern cryptosystems, and yield their improvements above the latter by changing the group structure. Paillier's scheme works in the group ℤn2x where n is an RSA modulus, whilst Okamoto-Uchiyama is located in the group Zn x for n of p2q type. The new schemes attracted much attention because of their rich mathematical structure. It is notable that Okamoto-Uchiyama is one-way under the p2q factoring assumption, whilst there is no reduction known from the one-wayness of Paillier's scheme to a standard computational assumption. In this paper we point out that the combination of both techniques yields a new scheme that inherits all the nice properties of Paillier's scheme and that is one-way under the p2q factoring assumption. The one-wayness is based on a new trapdoor one-way function which might be of independent interest. In addition, we show how to construct trapdoor commitment schemes with practical applications based on our new scheme and on the trapdoor function. Among other things, we propose a trapdoor commitment scheme that perfectly meets the requirements to construct Shamir-Tauman on-line/off-line signatures.
AB - In 1998/99, T. Okamoto and S. Uchiyama on the one hand and P. Paillier on the other hand introduced homomorphic encryption schemes semantically secure against passive adversaries (IND-CPA). Both schemes follow in the footsteps of Goldwasser-Micali, Benaloh-Fischer and Naccache-Stern cryptosystems, and yield their improvements above the latter by changing the group structure. Paillier's scheme works in the group ℤn2x where n is an RSA modulus, whilst Okamoto-Uchiyama is located in the group Zn x for n of p2q type. The new schemes attracted much attention because of their rich mathematical structure. It is notable that Okamoto-Uchiyama is one-way under the p2q factoring assumption, whilst there is no reduction known from the one-wayness of Paillier's scheme to a standard computational assumption. In this paper we point out that the combination of both techniques yields a new scheme that inherits all the nice properties of Paillier's scheme and that is one-way under the p2q factoring assumption. The one-wayness is based on a new trapdoor one-way function which might be of independent interest. In addition, we show how to construct trapdoor commitment schemes with practical applications based on our new scheme and on the trapdoor function. Among other things, we propose a trapdoor commitment scheme that perfectly meets the requirements to construct Shamir-Tauman on-line/off-line signatures.
UR - http://www.scopus.com/inward/record.url?scp=33646201706&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33646201706&partnerID=8YFLogxK
U2 - 10.1007/11554868_21
DO - 10.1007/11554868_21
M3 - Conference contribution
AN - SCOPUS:33646201706
SN - 3540289380
SN - 9783540289388
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 296
EP - 313
BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
T2 - 1st International Conference on Cryptology in Malaysia on Progress in Cryptology - Mycrypt 2005
Y2 - 28 September 2005 through 30 September 2005
ER -