Explicit expression for decryption in a generalisation of the Paillier scheme

O. O. Obi; F. H. Ali; E. Stipidis

doi:10.1049/iet-ifs:20060132

Explicit expression for decryption in a generalisation of the Paillier scheme

O. O. Obi, F. H. Ali, E. Stipidis

Research output: Contribution to journal › Article › peer-review

Abstract

The Paillier scheme encryption, (m, r) → c=g^m r^N mod N², where m is in Z_N, r is in Z_N ^*, N=pq (p, q being strong primes) and g is an element of Z^*_N² of order a multiple of N, is decrypted by mmodN= (L(c^λ mod N²)/L(g ^λ mod N²)) mod N, where L is defined on all u in Z^*_N² such that umodN = 1, by L(u)=(u-1)/N. In the generalisation of the scheme by Damgård and Jurik, the modulus N² is replaced by N^1+s, 1 ≤ s < p, q, but an explicit expression for decryption was not given. Rather a method, the only one known so far, was found for decryption, by first encoding the ciphertext and then using an algorithm of a quadratic order of complexity in s to extract the plaintext part by part therefrom. This gap is filled. An explicit expression for decryption in this setting is presented, which is more straight forward, linear in s in complexity and hence more efficient and reduces to the original Paillier L function for s=1.

Original language	English
Pages (from-to)	163-166
Number of pages	4
Journal	IET Information Security
Volume	1
Issue number	4
DOIs	https://doi.org/10.1049/iet-ifs:20060132
Publication status	Published - 1 Dec 2007

Access to Document

10.1049/iet-ifs:20060132

Cite this

@article{8b4c1411b46b47c19967fb6d3508a11f,

title = "Explicit expression for decryption in a generalisation of the Paillier scheme",

abstract = "The Paillier scheme encryption, (m, r) → c=gm rN mod N2, where m is in ZN, r is in ZN *, N=pq (p, q being strong primes) and g is an element of Z*N2 of order a multiple of N, is decrypted by mmodN= (L(cλ mod N2)/L(g λ mod N2)) mod N, where L is defined on all u in Z*N2 such that umodN = 1, by L(u)=(u-1)/N. In the generalisation of the scheme by Damg{\aa}rd and Jurik, the modulus N2 is replaced by N1+s, 1 ≤ s < p, q, but an explicit expression for decryption was not given. Rather a method, the only one known so far, was found for decryption, by first encoding the ciphertext and then using an algorithm of a quadratic order of complexity in s to extract the plaintext part by part therefrom. This gap is filled. An explicit expression for decryption in this setting is presented, which is more straight forward, linear in s in complexity and hence more efficient and reduces to the original Paillier L function for s=1.",

author = "Obi, {O. O.} and Ali, {F. H.} and E. Stipidis",

year = "2007",

month = dec,

day = "1",

doi = "10.1049/iet-ifs:20060132",

language = "English",

volume = "1",

pages = "163--166",

journal = "IET Information Security",

issn = "1751-8709",

number = "4",

}

TY - JOUR

T1 - Explicit expression for decryption in a generalisation of the Paillier scheme

AU - Obi, O. O.

AU - Ali, F. H.

AU - Stipidis, E.

PY - 2007/12/1

Y1 - 2007/12/1

N2 - The Paillier scheme encryption, (m, r) → c=gm rN mod N2, where m is in ZN, r is in ZN *, N=pq (p, q being strong primes) and g is an element of Z*N2 of order a multiple of N, is decrypted by mmodN= (L(cλ mod N2)/L(g λ mod N2)) mod N, where L is defined on all u in Z*N2 such that umodN = 1, by L(u)=(u-1)/N. In the generalisation of the scheme by Damgård and Jurik, the modulus N2 is replaced by N1+s, 1 ≤ s < p, q, but an explicit expression for decryption was not given. Rather a method, the only one known so far, was found for decryption, by first encoding the ciphertext and then using an algorithm of a quadratic order of complexity in s to extract the plaintext part by part therefrom. This gap is filled. An explicit expression for decryption in this setting is presented, which is more straight forward, linear in s in complexity and hence more efficient and reduces to the original Paillier L function for s=1.

AB - The Paillier scheme encryption, (m, r) → c=gm rN mod N2, where m is in ZN, r is in ZN *, N=pq (p, q being strong primes) and g is an element of Z*N2 of order a multiple of N, is decrypted by mmodN= (L(cλ mod N2)/L(g λ mod N2)) mod N, where L is defined on all u in Z*N2 such that umodN = 1, by L(u)=(u-1)/N. In the generalisation of the scheme by Damgård and Jurik, the modulus N2 is replaced by N1+s, 1 ≤ s < p, q, but an explicit expression for decryption was not given. Rather a method, the only one known so far, was found for decryption, by first encoding the ciphertext and then using an algorithm of a quadratic order of complexity in s to extract the plaintext part by part therefrom. This gap is filled. An explicit expression for decryption in this setting is presented, which is more straight forward, linear in s in complexity and hence more efficient and reduces to the original Paillier L function for s=1.

UR - http://www.scopus.com/inward/record.url?scp=37549054581&partnerID=8YFLogxK

U2 - 10.1049/iet-ifs:20060132

DO - 10.1049/iet-ifs:20060132

M3 - Article

AN - SCOPUS:37549054581

VL - 1

SP - 163

EP - 166

JO - IET Information Security

JF - IET Information Security

SN - 1751-8709

IS - 4

ER -

Explicit expression for decryption in a generalisation of the Paillier scheme

Abstract

Access to Document

Other files and links

Fingerprint

Cite this