Skip to main content
Log in

Paillier’s trapdoor function hides Θ(n) bits

  • Research Papers
  • Published:
Science China Information Sciences Aims and scope Submit manuscript

Abstract

In this paper, we re-examine the bit security of Paillier’s trapdoor function. We show that given a random w = g c y N mod N 2\(\mathbb{Z}_{N^2 }^* \) the most significant bit of its class c is a hard-core predicate, under a standard assumption that is computing composite residuosity class is hard. For the simultaneous security, we prove that n number of the class c’s bits are simultaneously hard-core under the standard assumption, where n is the length of c.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Similar content being viewed by others

References

  1. Blum M, Micali S. How to generate cryptographically strong sequences of pseudo-random bits. SIAM J Comput, 1984, 13: 850–864

    Article  MathSciNet  MATH  Google Scholar 

  2. Alexi W, Chor B, Goldreich O, et al. RSA and rabin functions: certain parts are as hard as the whole. SIAM J Comput, 1988, 17:194–209

    Article  MathSciNet  MATH  Google Scholar 

  3. Goldreich O, Levin L. A hard-core predicate for all one-way functions. In: Johnson D S, ed. Proceedings of the 21st ACM Symposium on Theory of Computing. New York: ACM, 1989. 25–32

    Google Scholar 

  4. Yao A C. Theory and applications of trapdoor functions. In: Pippenger N, ed. Proceedings of 23rd IEEE Symposium on Fundations of Computer Science. Washington D C: IEEE Computer Society, 1982. 80–91

    Google Scholar 

  5. Long D L, Wigderson A. The discrete log hides O(log n) bits. SIAM J Comput, 1988, 17: 363–372

    Article  MathSciNet  MATH  Google Scholar 

  6. Peralta R. Simultaneous security of bits in the discrete log. In: Proceedings of Advances in Cryptography — Eurocrypt’85. LNCS, Vol 219. Berlin: Springer-Verlag, 1986. 66–72

    Google Scholar 

  7. Goldreich O, Rosen V. On the security of modular exponentiation with application to the construction of pseudorandom generators. J Cryptol, 2003, 16: 71–93

    Article  MathSciNet  MATH  Google Scholar 

  8. Håstad J, Schrift A W, Shamir A. The discrete logarithm modulo a composite Hides O(n) bits. J Comput Syst Sci, 1993, 47: 376–404

    Article  MATH  Google Scholar 

  9. Paillier P. Public-key cryptosystems based on composite degree residuosity class. In: Proceedings of Advances in Cryptography — Eurocrypt’99. LNCS, Vol 1592. Berlin: Springer-Verlag, 1999. 223–238

    Google Scholar 

  10. Catalano D, Gennaro R, Howgrave G N. Paillier’s trapdoor function hides up to O(n) bits. J Cryptol, 2002, 15: 251–269

    Article  MATH  Google Scholar 

  11. Goldreich O. Foundation of Cryptography-Basic Tools. Cambridge: Cambridge University Press, 2001. 1–78

    Book  Google Scholar 

  12. Kiltz E. A primitive for proving the security of every bit and about universal hash functions & hard core bits, full version. In: Proceedings of the 13th International Symposium on Fundamentals of Computation Theory, FCT 2001. LNCS, Vol 2138. Berlin: Springer-Verlag, 2001. 388–391

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding authors

Correspondence to Dong Su or KeWei Lü.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Su, D., Lü, K. Paillier’s trapdoor function hides Θ(n) bits. Sci. China Inf. Sci. 54, 1827–1836 (2011). https://doi.org/10.1007/s11432-011-4269-9

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11432-011-4269-9

Keywords

Navigation