Re: Is fast variant of Paillier insecure?
- From: Kristian Gjøsteen <kristiag+news@xxxxxxxxxxxx>
- Date: Wed, 1 Oct 2008 12:56:10 +0000 (UTC)
Amit <amitabh123@xxxxxxxxx> wrote:
Kristian, what did you mean when you said 'There are other minor
applications of such moduli'? Can you describe some application?
n = (2as+1)(2bs+1) = pq. Let g have order ab, let h have order s.
s can be prime or composite. If s only has small prime factors,
you can compute discrete logs to base h.
You then get a nice additively homomorphic cryptosystem where the public
key is (n,g,h), the private key is (n,ab), and you encrypt messages
as g^r h^m. To decrypt, compute c^ab, find the discrete logarithm x,
then find the message as x*(ab)^{-1} mod s.
That's a minor application if I ever saw one.
--
Kristian Gjøsteen
.
- References:
- Re: Is fast variant of Paillier insecure?
- From: Amit
- Re: Is fast variant of Paillier insecure?
- Prev by Date: Re: Is fast variant of Paillier insecure?
- Next by Date: Re: libtommath - Greg Rose - Help on libtommath
- Previous by thread: Re: Is fast variant of Paillier insecure?
- Next by thread: Re: Request for solutions of some cryptography books.
- Index(es):
