Abstract
Choi et al. proposed the modified Paillier cryptosystem (M-Paillier cryptosystem). They use a special public key $g \in \mathbb{Z}/n\mathbb{Z}$ such that $g^{\varphi(n)} = 1 + n \bmod n^2$, where $n$ is the RSA modulus. The distribution of the public key $g$ is different from that of the original one. In this paper, we study the security of the usage of the public key. Firstly, we prove that the one-wayness of the M-Paillier cryptosystem is as intractable as factoring the modulus $n$, if the public key $g$ can be generated from the public modulus $n$ alone. Secondly, we prove that an oracle that can generate the public key can be used to factor the modulus $n$. Thus the public keys cannot be generated without knowing the factorization of $n$. The Paillier cryptosystem can use the public key $g = 1 + n$, which is generated only from the public modulus $n$. Thirdly, we propose a chosen ciphertext attack against the M-Paillier cryptosystem. Our attack can factor the modulus $n$ with only one query to the decryption oracle. This type of total breaking attack has not been reported for the original Paillier cryptosystem. Finally, we discuss the relationship between the M-Paillier cryptosystem and the Okamoto-Uchiyama scheme.
References
M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway, “Relations among notions of security for public-key encryption schemes,” CRYPTO’98, LNCS 1462, pp. 26–45, 1998.
J. Boyar, K. Friedl, and C. Lund, “Practical zero-knowledge proofs: Giving hints and using deficiencies,” Journal of Cryptology, 4(3), pp. 185–206, 1991.
J. Camenisch and M. Michels, “Proving that a number is the product of two safe primes,” Eurocrypt’99, LNCS 1592, pp. 107–122, 1999.
D. Catalano, R. Gennaro, and N. Howgrave-Graham, “The bit security of Paillier’s encryption scheme and its applications,” Eurocrypt 2001, LNCS 2045, pp. 229–243, 2001.
D. Catalano, R. Gennaro, N. Howgrave-Graham, and P. Nguyen, “Paillier’s cryptosystem revisited,” to appear in the ACM conference on Computer and Communication Security, 2001. (available from http://www.di.ens.fr/~pnguyen/)
D.-H. Choi, S. Choi, and D. Won, “Improvement of probabilistic public key cryptosystem using discrete logarithm,” The 4th International Conference on Information Security and Cryptology, ICISC 2001, LNCS 2288, pp. 72–80, 2002.
I. Damgård and M. Jurik, “A generalization, a simplification and some applications of Paillier’s probabilistic public-key system,” PKC 2001, LNCS 1992, pp. 119–136, 2001.
E. Fujisaki and T. Okamoto, “How to enhance the security of public-key encryption at minimum cost,” 1999 International Workshop on Practice and Theory in Public Key Cryptography, LNCS 1560, pp. 53–68, 1999.
E. Fujisaki and T. Okamoto, “Secure integration of asymmetric and symmetric encryption schemes,” Advances in Cryptology-CRYPTO’99, LNCS 1666, pp. 537–554, 1999.
S. Galbraith, “Elliptic curve Paillier schemes,” to appear in Journal of Cryptology, 2001. (available from http://www.isg.rhul.ac.uk/~sdg/)
D. Galindo, S. Martín, P. Morillo, and J. Villar, “An efficient semantically secure elliptic curve cryptosystem based on KMOV scheme,” Cryptology ePrint Archive, Report 2002/037, 2002. (available from http://eprint.iacr.org/)
R. Gennaro, D. Micciancio, and T. Rabin, “An efficient non-interactive statistical zero-knowledge proof system for quasi-safe prime products,” ACM Conference on Computer and Communications Security, pp. 67–72, 1998.
T. Okamoto and D. Pointcheval, “The Gap-Problems: a new class of problems for the security of cryptographic schemes,” 2001 International Workshop on Practice and Theory in Public Key Cryptography, LNCS 1992, pp. 104–118, 2001.
T. Okamoto and D. Pointcheval, “REACT: Rapid Enhanced-security Asymmetric Cryptosystem Transform,” In Proceedings of the Cryptographers’ Track at RSA Conference 2001, LNCS 2020, pp. 159–175, 2001.
T. Okamoto and S. Uchiyama, “A new public-key cryptosystem as secure as factoring,” Eurocrypt’98, LNCS 1403, pp. 308–318, 1998.
P. Paillier, “Public-key cryptosystems based on composite degree residuosity classes,” Eurocrypt’99, LNCS 1592, pp. 223–238, 1999.
P. Paillier and D. Pointcheval, “Efficient public key cryptosystems provably secure against active adversaries,” Asiacrypt’99, LNCS 1716, pp. 165–179, 1999.
D. Pointcheval, “Chosen-ciphertext security for any one-way cryptosystem,” 2000 International Workshop on Practice and Theory in Public Key Cryptography, LNCS 1751, pp. 129–146, 2000.
M. Rabin, “Digitalized signatures and public-key functions as intractable as factorization,” Technical Report No. 212, MIT, Laboratory of Computer Science, Cambridge, pp. 1–16, 1979.
K. Sakurai and T. Takagi, “New semantically secure public-key cryptosystems from the RSA-primitive,” PKC 2002, LNCS 2274, pp. 1–16, 2002.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
Cite this paper
Sakurai, K., Takagi, T. (2002). On the Security of a Modified Paillier Public-Key Primitive. In: Batten, L., Seberry, J. (eds) Information Security and Privacy. ACISP 2002. Lecture Notes in Computer Science, vol 2384. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45450-0_33
DOI: https://doi.org/10.1007/3-540-45450-0_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43861-8
Online ISBN: 978-3-540-45450-2
eBook Packages: Springer Book Archive