Abstract
In this paper, we re-examine the bit security of Paillier’s trapdoor function. We show that given a random w = g c y N mod N 2 ∈ \(\mathbb{Z}_{N^2 }^* \) the most significant bit of its class c is a hard-core predicate, under a standard assumption that is computing composite residuosity class is hard. For the simultaneous security, we prove that n number of the class c’s bits are simultaneously hard-core under the standard assumption, where n is the length of c.
Similar content being viewed by others
References
Blum M, Micali S. How to generate cryptographically strong sequences of pseudo-random bits. SIAM J Comput, 1984, 13: 850–864
Alexi W, Chor B, Goldreich O, et al. RSA and rabin functions: certain parts are as hard as the whole. SIAM J Comput, 1988, 17:194–209
Goldreich O, Levin L. A hard-core predicate for all one-way functions. In: Johnson D S, ed. Proceedings of the 21st ACM Symposium on Theory of Computing. New York: ACM, 1989. 25–32
Yao A C. Theory and applications of trapdoor functions. In: Pippenger N, ed. Proceedings of 23rd IEEE Symposium on Fundations of Computer Science. Washington D C: IEEE Computer Society, 1982. 80–91
Long D L, Wigderson A. The discrete log hides O(log n) bits. SIAM J Comput, 1988, 17: 363–372
Peralta R. Simultaneous security of bits in the discrete log. In: Proceedings of Advances in Cryptography — Eurocrypt’85. LNCS, Vol 219. Berlin: Springer-Verlag, 1986. 66–72
Goldreich O, Rosen V. On the security of modular exponentiation with application to the construction of pseudorandom generators. J Cryptol, 2003, 16: 71–93
Håstad J, Schrift A W, Shamir A. The discrete logarithm modulo a composite Hides O(n) bits. J Comput Syst Sci, 1993, 47: 376–404
Paillier P. Public-key cryptosystems based on composite degree residuosity class. In: Proceedings of Advances in Cryptography — Eurocrypt’99. LNCS, Vol 1592. Berlin: Springer-Verlag, 1999. 223–238
Catalano D, Gennaro R, Howgrave G N. Paillier’s trapdoor function hides up to O(n) bits. J Cryptol, 2002, 15: 251–269
Goldreich O. Foundation of Cryptography-Basic Tools. Cambridge: Cambridge University Press, 2001. 1–78
Kiltz E. A primitive for proving the security of every bit and about universal hash functions & hard core bits, full version. In: Proceedings of the 13th International Symposium on Fundamentals of Computation Theory, FCT 2001. LNCS, Vol 2138. Berlin: Springer-Verlag, 2001. 388–391
Author information
Authors and Affiliations
Corresponding authors
Rights and permissions
About this article
Cite this article
Su, D., Lü, K. Paillier’s trapdoor function hides Θ(n) bits. Sci. China Inf. Sci. 54, 1827–1836 (2011). https://doi.org/10.1007/s11432-011-4269-9
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11432-011-4269-9