Date: 25 May 2006

A new public-key cryptosystem as secure as factoring


This paper proposes a novel public-key cryptosystem, which is practical, provably secure and has some other interesting properties as follows:

  1. Its trapdoor technique is essentially different from any other previous schemes including RSA-Rabin and Diffie-Hellman.

  2. It is a probabilistic encryption scheme.

  3. It can be proven to be as secure as the intractability of factoring n = p2q (in the sense of the security of the whole plaintext) against passive adversaries.

  4. It is semantically secure under the p-subgroup assumption, which is comparable to the quadratic residue and higher degree residue assumptions.

  5. Under the most practical environment, the encryption and decryption speeds of our scheme are comparable to (around twice slower than) those of elliptic curve cryptosystems.

  6. It has a homomorphic property: E(m0, r0)E(m1, r1) mod n = E(@#@ m0 + m1, r2), where E(m, r) means a ciphertext of plaintext m as randomized by r and m0+ m1 < p.

  7. Anyone can change a ciphertext, C = E(m, r), into another ciphertext, C′ = Chr' mod n, while preserving plaintext of C (i.e., C′ = E(m,r″)), and the relationship between C and C′ can be concealed.