Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
EUROCRYPT
2001
Springer
2001
Springer
The Bit Security of Paillier's Encryption Scheme and Its Applications
At EuroCrypt’99, Paillier proposed a new encryption scheme based on higher residuosity classes. The new scheme was proven to be one-way under the assumption that computing N-residuosity classes in Z∗ N2 is hard. Similarly the scheme can be proven to be semantically secure under a much stronger decisional assumption: given w ∈ Z∗ N2 it is hard to decide if w is an N-residue or not. In this paper we examine the bit security of Paillier’s scheme. We prove that, if computing residuosity classes is hard, then given a random w it is impossible to predict the least significant bit of its class significantly better than at random. This immediately yields a way to obtain semantic security without relying on the decisional assumption (at the cost of several invocations of Paillier’s original function). In order to improve efficiency we then turn to the problem of simultaneous security of many bits. We prove that Paillier’s scheme hides n − b (up to O(n)) bits if one assumes tha...
Real-time TrafficRelated Content
| Added | 28 Jul 2010 |
| Updated | 28 Jul 2010 |
| Type | Conference |
| Year | 2001 |
| Where | EUROCRYPT |
| Authors | Dario Catalano, Rosario Gennaro, Nick Howgrave-Graham |
Comments (0)
Researcher Info
|
